
BankerFox.A No internet connection


  • This topic is locked
22 replies to this topic

#1 KathysKomputer

  • Members
  • 45 posts
  • Gender:Female
  • Location:Baldwin Park CA

Posted 19 April 2011 - 01:31 PM

I have a virus on my home pc Bankerfox.A. I was able to restart in "safemode with network", but I can't establish internet connection. "The Proxy server is refusing connections".
How can I upload your log program? I'm thinking on a usb scandisk?
Please advise. Thank you!!
Kathryn

Edited by KathysKomputer, 19 April 2011 - 01:44 PM.

Kathryn Rau   :flowers: 

 

KathrynRauPhotography@hotmail.com

 



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 April 2011 - 06:41 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 KathysKomputer


Posted 30 April 2011 - 10:30 AM

Hi m0le.
Thank you for your help. I have been able to restore internet and ran a scan using Malwarebytes.
Should I post the log in this forum?
Kathryn


#4 m0le


Posted 30 April 2011 - 01:50 PM

Yes, let's see an OTL log please

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#5 KathysKomputer


Posted 30 April 2011 - 02:55 PM

OTL logfile created on: 4/30/2011 12:48:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 409.76 Gb Total Space | 138.22 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive D: | 19.71 Gb Total Space | 12.04 Gb Free Space | 61.10% Space Free | Partition Type: FAT32
Drive E: | 128.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JIMSTOWING | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
PRC - [2011/04/06 13:43:07 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/03/25 11:41:32 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/14 22:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTFJA.EXE
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/09/20 19:10:04 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
PRC - [2005/09/20 19:08:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2002/07/03 01:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/06/18 00:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 18:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 18:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/10/29 02:26:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe
PRC - [1999/12/02 16:55:32 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtmngr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
MOD - [2011/04/06 13:43:33 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 09:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/25 09:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCToolsFirewallPlus)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/22 13:21:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/04/11 17:40:16 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 06:47:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/10 11:57:01 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 11:56:52 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/11/21 08:10:40 | 000,082,784 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/09/23 10:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/10/23 12:48:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/03 06:39:49 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/09 10:53:22 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/06/09 10:52:50 | 000,024,192 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/06/09 10:43:38 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/06/09 10:40:00 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/06/09 10:38:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/06/09 10:27:06 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/04/14 16:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/30 16:32:10 | 001,000,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/10/28 00:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/29 21:49:00 | 000,195,324 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/08/29 20:12:30 | 000,837,468 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/31 07:45:48 | 000,012,658 | R--- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RioS30.sys -- (RioS30)
DRV - [2002/07/19 18:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 18:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 18:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 18:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/03/23 06:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/17 09:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 ED 95 61 3F 02 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: FirefoxAddon@myfacebook.com:1.8
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: afterthedeadline@afterthedeadline.com:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 06:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/10 19:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/06 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:43:41 | 000,000,000 | ---D | M]

[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/07 19:15:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 08:30:01 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/12 13:59:33 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\afterthedeadline@afterthedeadline.com
[2010/12/07 09:55:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/28 07:55:12 | 000,000,000 | ---D | M] (My Facebook) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\FirefoxAddon@myfacebook.com
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/04/06 09:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/04/21 20:38:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 06:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/06 13:43:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 12:43:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/30 12:43:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/04/30 12:43:39 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/06 13:43:26 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/06 13:43:51 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/04/06 13:43:15 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/09/14 14:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 14:09:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 14:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 14:09:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 14:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 14:09:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 14:09:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 14:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/16 19:19:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00PCTFW] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab41096.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax2116.cab (MsnMusicAx Class)
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} http://webchat.geopia.com/activeX/GeoStart.cab (ChatModule Control)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 10:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/09 17:14:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/09 16:14:04 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/06/02 15:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/14 11:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 19:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jenna & Brooktini 2011 Easter
[2011/04/23 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Castro's Anniversary
[2011/04/19 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/19 21:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/19 21:23:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 12:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Writewood 2011
[2011/04/14 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUMBO JUMBO
[2011/04/13 15:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/11 18:56:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy of My Pictures
[2011/04/11 17:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Companion
[2011/04/11 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/04/11 17:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2011/04/11 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/04/11 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/04/11 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/04/11 17:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FrostWire
[2011/04/11 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/04/11 17:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/11 17:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/11 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/10 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday fb favs
[2011/04/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday 4-10-11
[2011/04/10 20:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junior Video Race 4 2011
[2011/04/09 21:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big Cars & Jr 2011 Video race 3
[2011/04/09 21:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big cars & jr's 2011
[2011/04/09 11:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Lorraine O'Brien
[2011/04/07 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FAVS 2011 PHOTO & VIDEO
[2011/04/06 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Legals 2-5-11edit
[2011/04/06 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street legals to Mark
[2011/04/06 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2006/10/20 19:14:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\YidFa.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\xueGCOBV.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\wQvmh.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\wmrat.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\WdCcdC.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vVEwnOs.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\VdQoH.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uHsuX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ueaAXUg.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\TwNVUgAN.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\ToOMF.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\sNTFX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\RqEYAByX.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\PwXKX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\PUVCf.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\OAVBp.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NrboIlsB.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\lfWRGSwu.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\lfDkwsM.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\khfGudDL.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JiUgLh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\jETid.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JcaLxAAnA.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\IDlLeQda.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\hIyYHhImd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GYljd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\GTFeU.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GkxcoNHm.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GCvEUOXG.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FXSLiGI.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FgUwkMdrO.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\EJKxEd.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ECqDWcy.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CwSmSve.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CgCkd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BEKfiYUh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\aWJACC.dll
[2004/07/20 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 12:48:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 12:48:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 12:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 09:13:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job
[2011/04/30 07:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 23:40:35 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/27 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/27 15:36:30 | 000,079,121 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/23 15:11:25 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 06:20:38 | 000,447,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 06:20:38 | 000,073,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/21 06:17:06 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 06:16:50 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/21 06:16:50 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/21 06:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/21 06:15:52 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 15:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/13 03:25:44 | 002,409,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 03:08:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:01:18 | 000,001,303 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Folder.jpg
[2011/04/11 18:01:18 | 000,000,727 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2011/04/11 17:53:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/11 17:42:52 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/04/11 17:42:52 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\8EA4A0
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/11 17:33:40 | 000,133,816 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/06 19:44:46 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/04/06 13:43:46 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/06 13:43:27 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/06 13:43:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/06 13:43:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/06 13:43:09 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 15:36:30 | 000,079,121 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/19 22:43:13 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 17:53:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/06 13:43:46 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/03/08 11:12:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/06 22:27:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 16:17:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/01/31 16:14:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/10 19:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/12/09 14:46:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/09 14:46:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/09 14:46:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/09 14:46:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/09 14:46:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/09 14:46:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/09 14:46:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/09 14:46:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/09 14:46:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/09 14:46:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/09 14:46:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/09 14:46:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/09 14:45:14 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2009/12/01 13:04:29 | 000,079,726 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/12/01 13:04:29 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/29 00:03:03 | 000,133,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 13:48:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/26 15:09:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/10 21:14:13 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/10 21:14:13 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/10 21:14:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/10 21:14:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/10 21:13:04 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/10 21:12:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/10 21:12:19 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/10 21:12:18 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/13 20:07:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/19 18:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/16 12:57:41 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/12/25 09:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 09:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/25 09:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 09:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/25 09:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YuqGyLCQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\yNWoQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\yFOgjCGMu.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\xyewa.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XvLEwY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WXVqcqVvd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WVsOdnnlQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wCWKe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VYMwOYG.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VJeqbB.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VHhuHlqj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\vBioDLBig.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uVWIGNtQJ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\uOpjKo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\UlEjFi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uHjRA.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uDtGsG.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uCReCPAX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ToRAWdFJV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\tLdbI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\THSlBI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ThDYO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\sTuhylW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\sKlgKY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\sHCDgFSC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\seDfEt.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rxxww.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RuaQcWi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RsonyMR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RPoWL.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RIiLeBcw.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rHMvX.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RHkDwnw.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RgFBlU.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\qMwWiHx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\qFyFV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\QFSBybKef.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\QeMAP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pswMoGQR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pSUxHbpR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PeaVGy.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PbFjKc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oxrTq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OwXgkda.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\OotUvTdhs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OMEkuBTnA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OlfwSWQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ojlnyhr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OiiLcac.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ofEUgkfiX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nXAJv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nWxwvWasd.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NVXMQiMc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nSkeEcLLj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\nmbJUr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nJyix.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nfLEuEx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MtGpNsGB.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrEsqQn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpRbNJS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\mpbonc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mOxDdqbh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MNWNgUq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhCkuoa.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAwbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mAegsv.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\lVsoAS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lmTfo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\LITInm.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\licVPtHT.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lBEkh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kwYyXwdBY.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\krLyHhHH.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\kpUkDF.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\KNCYuq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmUUCxie.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jPqUI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\JnKGc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JHYLHRKm.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JGMdka.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iUKLDe.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IhvHUCf.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hXQFJA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\HCXfv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVMNViQj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\goiSDW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\GLTEUeML.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkDsxnef.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gJUYLHO.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\GHSJqOwxP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gGmMuyuQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gEjhUTtD.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GBLwmPRwW.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fURHbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\fUdlxn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\FlVDNk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fJbTk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\feIIR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eQEbocb.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\EoHJyS.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ejVMTI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ehwkvba.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ebKtLRi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dtffYP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CxSnNTbs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cVlDhC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cteOqM.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cSnpKkrk.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cqtQAbx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cduGyOspn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\bnVYKd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BmQmQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\axOfCsWgO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\atQkoTJlp.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\aRjeVe.exe
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/04 22:29:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/02/27 13:39:52 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
[2008/02/27 13:39:52 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
[2008/02/27 13:39:52 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
[2008/02/26 11:17:52 | 000,001,291 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
[2008/02/26 11:17:52 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2008/02/26 11:17:52 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/24 14:18:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/13 20:16:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\JpegEx.dll
[2006/10/29 20:05:13 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 20:05:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 12:09:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msn.ini
[2006/01/19 15:08:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/01/16 16:31:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/21 03:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/07 20:52:09 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/30 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/11/11 16:35:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/11 16:35:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/11 15:40:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/11 15:40:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/29 06:49:29 | 000,000,534 | ---- | C] () -- C:\WINDOWS\System32\nt68rrtr12.sys
[2005/09/17 16:46:24 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\nt86rptr12.sys
[2005/09/17 16:45:56 | 000,128,488 | ---- | C] () -- C:\WINDOWS\System32\tkquv3hb.dat
[2005/09/17 16:45:56 | 000,035,600 | ---- | C] () -- C:\WINDOWS\System32\bfr4hu9u.dat
[2005/09/17 16:45:56 | 000,012,744 | ---- | C] () -- C:\WINDOWS\System32\75sgllr5.dat
[2005/09/17 16:45:56 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\para3q2i.dat
[2005/09/17 16:45:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\System32\l0tn7hkp.dat
[2005/09/17 16:45:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lu435h21.ini
[2005/09/17 16:45:50 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\4cunjp6m.ini
[2005/08/28 13:21:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/08/24 16:40:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/19 17:30:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/31 17:02:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\GeoUpdate.exe
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/02 01:56:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/12 19:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/09/01 17:29:16 | 000,001,165 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2004/08/26 08:53:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\IA.ini
[2004/08/25 13:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2004/08/12 08:44:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/08/12 08:44:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2004/08/07 07:36:01 | 000,000,070 | ---- | C] () -- C:\WINDOWS\7FE51859.ini
[2004/08/05 23:05:32 | 000,104,060 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/02 17:18:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/07/25 20:17:36 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/24 09:58:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/23 14:17:41 | 000,047,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/20 21:16:11 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/07/20 21:00:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/07/20 20:10:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/07/20 20:10:09 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 19:47:33 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/07/20 19:47:33 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/20 19:47:24 | 000,037,729 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/07/20 19:47:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/20 19:47:23 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/07/20 19:47:23 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/07/20 19:47:23 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2004/07/20 19:47:23 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2004/07/20 19:47:23 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/07/20 19:47:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/07/20 19:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/07/20 19:47:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/07/20 19:47:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/20 19:47:17 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/28 15:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 12:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 12:30:01 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe
[2002/10/28 12:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 12:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 12:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 12:17:57 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 11:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 11:37:38 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2002/10/28 11:37:37 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2002/10/28 11:37:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/10/28 11:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 11:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 11:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 11:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 11:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 10:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 10:38:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/10/28 10:33:19 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/10/28 09:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/28 09:22:57 | 000,447,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/10/28 09:22:57 | 000,073,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/10/28 02:28:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/28 02:27:21 | 002,409,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/24 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 20:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 20:44:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/01/23 02:42:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/31 23:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 19:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/06/13 23:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2004/07/20 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2009/06/01 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/09 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/06/06 13:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2004/08/05 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/04/06 12:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2007/10/05 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/04/26 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/04/28 14:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/01/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2006/02/21 19:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/07/08 12:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/15 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/02/08 17:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/06/01 14:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/08 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/04/02 10:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/04/02 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2005/06/10 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/23 17:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/10 17:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/10/08 18:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2006/10/06 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/11/13 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2007/10/04 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/03/25 19:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/19 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/01/06 18:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/19 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/07 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/28 23:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 22:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/23 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/04/26 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2006/10/06 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Balloon Express
[2007/07/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2008/04/04 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/06/15 17:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/05/14 10:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/01 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/01/27 11:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2004/08/06 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2011/04/11 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2004/11/09 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/04/27 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/11/03 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iLike
[2010/04/26 15:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2009/03/17 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007/02/25 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/03/26 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2008/06/02 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2006/01/19 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/04/11 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/25 15:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Match
[2006/02/21 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN Search Toolbar
[2007/11/10 12:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2007/09/21 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
[2010/11/08 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2011/04/11 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/03/16 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2010/11/08 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Photodex
[2008/03/02 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pirateville
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2008/10/20 13:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2009/10/05 19:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/01/02 17:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2002/10/28 12:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/11 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shutterfly
[2009/02/16 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2008/02/26 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
[2008/02/14 20:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2011/04/11 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2004/08/02 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/06/08 11:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio
[2009/01/17 17:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2008/10/08 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2011/04/30 09:13:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Summit Banquet 2010.exe:SummaryInformation
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1CCF2C1
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E4A69E
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07B14078
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:426796C0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB45745
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47A6274
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BBA8A83
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7617B2BB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A330F4B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2785F3BB
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45

< End of report >

OTL logfile created on: 4/30/2011 12:48:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 409.76 Gb Total Space | 138.22 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive D: | 19.71 Gb Total Space | 12.04 Gb Free Space | 61.10% Space Free | Partition Type: FAT32
Drive E: | 128.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JIMSTOWING | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
PRC - [2011/04/06 13:43:07 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/03/25 11:41:32 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/14 22:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTFJA.EXE
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/09/20 19:10:04 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
PRC - [2005/09/20 19:08:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2002/07/03 01:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/06/18 00:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 18:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 18:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/10/29 02:26:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe
PRC - [1999/12/02 16:55:32 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtmngr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
MOD - [2011/04/06 13:43:33 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 09:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/25 09:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCToolsFirewallPlus)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/22 13:21:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/04/11 17:40:16 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 06:47:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/10 11:57:01 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 11:56:52 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/11/21 08:10:40 | 000,082,784 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/09/23 10:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/10/23 12:48:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/03 06:39:49 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/09 10:53:22 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/06/09 10:52:50 | 000,024,192 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/06/09 10:43:38 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/06/09 10:40:00 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/06/09 10:38:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/06/09 10:27:06 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/04/14 16:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/30 16:32:10 | 001,000,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/10/28 00:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/29 21:49:00 | 000,195,324 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/08/29 20:12:30 | 000,837,468 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/31 07:45:48 | 000,012,658 | R--- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RioS30.sys -- (RioS30)
DRV - [2002/07/19 18:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 18:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 18:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 18:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/03/23 06:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/17 09:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 ED 95 61 3F 02 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: FirefoxAddon@myfacebook.com:1.8
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: afterthedeadline@afterthedeadline.com:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 06:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/10 19:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/06 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:43:41 | 000,000,000 | ---D | M]

[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/07 19:15:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 08:30:01 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/12 13:59:33 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\afterthedeadline@afterthedeadline.com
[2010/12/07 09:55:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/28 07:55:12 | 000,000,000 | ---D | M] (My Facebook) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\FirefoxAddon@myfacebook.com
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/04/06 09:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/04/21 20:38:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 06:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/06 13:43:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 12:43:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/30 12:43:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/04/30 12:43:39 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/06 13:43:26 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/06 13:43:51 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/04/06 13:43:15 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/09/14 14:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 14:09:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 14:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 14:09:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 14:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 14:09:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 14:09:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 14:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/16 19:19:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00PCTFW] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab41096.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax2116.cab (MsnMusicAx Class)
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} http://webchat.geopia.com/activeX/GeoStart.cab (ChatModule Control)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 10:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/09 17:14:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/09 16:14:04 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/06/02 15:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/14 11:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c89c05c-85ea-11de-a2ed-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 19:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jenna & Brooktini 2011 Easter
[2011/04/23 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Castro's Anniversary
[2011/04/19 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/19 21:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/19 21:23:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 12:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Writewood 2011
[2011/04/14 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUMBO JUMBO
[2011/04/13 15:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/11 18:56:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy of My Pictures
[2011/04/11 17:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Companion
[2011/04/11 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/04/11 17:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2011/04/11 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/04/11 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/04/11 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/04/11 17:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FrostWire
[2011/04/11 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/04/11 17:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/11 17:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/11 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/10 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday fb favs
[2011/04/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday 4-10-11
[2011/04/10 20:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junior Video Race 4 2011
[2011/04/09 21:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big Cars & Jr 2011 Video race 3
[2011/04/09 21:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big cars & jr's 2011
[2011/04/09 11:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Lorraine O'Brien
[2011/04/07 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FAVS 2011 PHOTO & VIDEO
[2011/04/06 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Legals 2-5-11edit
[2011/04/06 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street legals to Mark
[2011/04/06 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2006/10/20 19:14:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\YidFa.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\xueGCOBV.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\wQvmh.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\wmrat.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\WdCcdC.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vVEwnOs.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\VdQoH.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uHsuX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ueaAXUg.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\TwNVUgAN.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\ToOMF.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\sNTFX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\RqEYAByX.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\PwXKX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\PUVCf.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\OAVBp.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NrboIlsB.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\lfWRGSwu.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\lfDkwsM.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\khfGudDL.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JiUgLh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\jETid.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JcaLxAAnA.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\IDlLeQda.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\hIyYHhImd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GYljd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\GTFeU.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GkxcoNHm.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GCvEUOXG.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FXSLiGI.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FgUwkMdrO.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\EJKxEd.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ECqDWcy.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CwSmSve.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CgCkd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BEKfiYUh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\aWJACC.dll
[2004/07/20 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 12:48:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 12:48:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 12:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 09:13:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job
[2011/04/30 07:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 23:40:35 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/27 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/27 15:36:30 | 000,079,121 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/23 15:11:25 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 06:20:38 | 000,447,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 06:20:38 | 000,073,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/21 06:17:06 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 06:16:50 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/21 06:16:50 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/21 06:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/21 06:15:52 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 15:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/13 03:25:44 | 002,409,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 03:08:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:01:18 | 000,001,303 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Folder.jpg
[2011/04/11 18:01:18 | 000,000,727 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2011/04/11 17:53:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/11 17:42:52 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/04/11 17:42:52 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\8EA4A0
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/11 17:33:40 | 000,133,816 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/06 19:44:46 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/04/06 13:43:46 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/06 13:43:27 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/06 13:43:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/06 13:43:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/06 13:43:09 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 15:36:30 | 000,079,121 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/19 22:43:13 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 17:53:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/06 13:43:46 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/03/08 11:12:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/06 22:27:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 16:17:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/01/31 16:14:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/10 19:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/12/09 14:46:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/09 14:46:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/09 14:46:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/09 14:46:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/09 14:46:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/09 14:46:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/09 14:46:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/09 14:46:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/09 14:46:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/09 14:46:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/09 14:46:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/09 14:46:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/09 14:45:14 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2009/12/01 13:04:29 | 000,079,726 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/12/01 13:04:29 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/29 00:03:03 | 000,133,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 13:48:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/26 15:09:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/10 21:14:13 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/10 21:14:13 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/10 21:14:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/10 21:14:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/10 21:13:04 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/10 21:12:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/10 21:12:19 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/10 21:12:18 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/13 20:07:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/19 18:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/16 12:57:41 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/12/25 09:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 09:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/25 09:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 09:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/25 09:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YuqGyLCQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\yNWoQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\yFOgjCGMu.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\xyewa.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XvLEwY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WXVqcqVvd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WVsOdnnlQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wCWKe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VYMwOYG.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VJeqbB.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VHhuHlqj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\vBioDLBig.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uVWIGNtQJ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\uOpjKo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\UlEjFi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uHjRA.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uDtGsG.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uCReCPAX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ToRAWdFJV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\tLdbI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\THSlBI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ThDYO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\sTuhylW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\sKlgKY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\sHCDgFSC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\seDfEt.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rxxww.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RuaQcWi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RsonyMR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RPoWL.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RIiLeBcw.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rHMvX.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RHkDwnw.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RgFBlU.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\qMwWiHx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\qFyFV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\QFSBybKef.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\QeMAP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pswMoGQR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pSUxHbpR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PeaVGy.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PbFjKc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oxrTq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OwXgkda.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\OotUvTdhs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OMEkuBTnA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OlfwSWQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ojlnyhr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OiiLcac.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ofEUgkfiX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nXAJv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nWxwvWasd.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NVXMQiMc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nSkeEcLLj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\nmbJUr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nJyix.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nfLEuEx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MtGpNsGB.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrEsqQn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpRbNJS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\mpbonc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mOxDdqbh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MNWNgUq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhCkuoa.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAwbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mAegsv.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\lVsoAS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lmTfo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\LITInm.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\licVPtHT.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lBEkh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kwYyXwdBY.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\krLyHhHH.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\kpUkDF.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\KNCYuq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmUUCxie.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jPqUI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\JnKGc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JHYLHRKm.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JGMdka.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iUKLDe.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IhvHUCf.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hXQFJA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\HCXfv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVMNViQj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\goiSDW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\GLTEUeML.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkDsxnef.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gJUYLHO.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\GHSJqOwxP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gGmMuyuQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gEjhUTtD.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GBLwmPRwW.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fURHbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\fUdlxn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\FlVDNk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fJbTk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\feIIR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eQEbocb.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\EoHJyS.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ejVMTI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ehwkvba.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ebKtLRi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dtffYP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CxSnNTbs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cVlDhC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cteOqM.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cSnpKkrk.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cqtQAbx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cduGyOspn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\bnVYKd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BmQmQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\axOfCsWgO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\atQkoTJlp.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\aRjeVe.exe
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/04 22:29:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/02/27 13:39:52 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
[2008/02/27 13:39:52 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
[2008/02/27 13:39:52 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
[2008/02/26 11:17:52 | 000,001,291 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
[2008/02/26 11:17:52 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2008/02/26 11:17:52 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/24 14:18:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/13 20:16:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\JpegEx.dll
[2006/10/29 20:05:13 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 20:05:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 12:09:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msn.ini
[2006/01/19 15:08:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/01/16 16:31:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/21 03:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/07 20:52:09 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/30 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/11/11 16:35:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/11 16:35:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/11 15:40:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/11 15:40:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/29 06:49:29 | 000,000,534 | ---- | C] () -- C:\WINDOWS\System32\nt68rrtr12.sys
[2005/09/17 16:46:24 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\nt86rptr12.sys
[2005/09/17 16:45:56 | 000,128,488 | ---- | C] () -- C:\WINDOWS\System32\tkquv3hb.dat
[2005/09/17 16:45:56 | 000,035,600 | ---- | C] () -- C:\WINDOWS\System32\bfr4hu9u.dat
[2005/09/17 16:45:56 | 000,012,744 | ---- | C] () -- C:\WINDOWS\System32\75sgllr5.dat
[2005/09/17 16:45:56 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\para3q2i.dat
[2005/09/17 16:45:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\System32\l0tn7hkp.dat
[2005/09/17 16:45:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lu435h21.ini
[2005/09/17 16:45:50 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\4cunjp6m.ini
[2005/08/28 13:21:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/08/24 16:40:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/19 17:30:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/31 17:02:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\GeoUpdate.exe
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/02 01:56:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/12 19:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/09/01 17:29:16 | 000,001,165 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2004/08/26 08:53:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\IA.ini
[2004/08/25 13:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2004/08/12 08:44:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/08/12 08:44:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2004/08/07 07:36:01 | 000,000,070 | ---- | C] () -- C:\WINDOWS\7FE51859.ini
[2004/08/05 23:05:32 | 000,104,060 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/02 17:18:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/07/25 20:17:36 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/24 09:58:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/23 14:17:41 | 000,047,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/20 21:16:11 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/07/20 21:00:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/07/20 20:10:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/07/20 20:10:09 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 19:47:33 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/07/20 19:47:33 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/20 19:47:24 | 000,037,729 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/07/20 19:47:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/20 19:47:23 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/07/20 19:47:23 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/07/20 19:47:23 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2004/07/20 19:47:23 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2004/07/20 19:47:23 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/07/20 19:47:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/07/20 19:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/07/20 19:47:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/07/20 19:47:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/20 19:47:17 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/28 15:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 12:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 12:30:01 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe
[2002/10/28 12:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 12:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 12:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 12:17:57 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 11:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 11:37:38 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2002/10/28 11:37:37 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2002/10/28 11:37:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/10/28 11:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 11:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 11:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 11:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 11:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 10:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 10:38:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/10/28 10:33:19 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/10/28 09:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/28 09:22:57 | 000,447,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/10/28 09:22:57 | 000,073,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/10/28 02:28:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/28 02:27:21 | 002,409,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/24 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 20:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 20:44:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/01/23 02:42:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/31 23:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 19:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/06/13 23:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2004/07/20 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2009/06/01 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/09 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/06/06 13:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2004/08/05 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/04/06 12:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2007/10/05 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/04/26 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/04/28 14:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/01/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2006/02/21 19:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/07/08 12:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/15 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/02/08 17:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/06/01 14:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/08 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/04/02 10:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/04/02 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2005/06/10 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/23 17:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/10 17:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/10/08 18:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2006/10/06 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/11/13 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2007/10/04 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/03/25 19:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/19 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/01/06 18:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/19 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/07 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/28 23:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 22:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/23 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/04/26 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2006/10/06 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Balloon Express
[2007/07/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2008/04/04 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/06/15 17:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/05/14 10:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/01 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/01/27 11:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2004/08/06 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2011/04/11 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2004/11/09 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/04/27 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/11/03 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iLike
[2010/04/26 15:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2009/03/17 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007/02/25 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/03/26 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2008/06/02 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2006/01/19 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/04/11 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/25 15:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Match
[2006/02/21 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN Search Toolbar
[2007/11/10 12:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2007/09/21 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
[2010/11/08 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2011/04/11 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/03/16 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2010/11/08 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Photodex
[2008/03/02 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pirateville
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2008/10/20 13:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2009/10/05 19:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/01/02 17:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2002/10/28 12:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/11 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shutterfly
[2009/02/16 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2008/02/26 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
[2008/02/14 20:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2011/04/11 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2004/08/02 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/06/08 11:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio
[2009/01/17 17:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2008/10/08 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2011/04/30 09:13:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Summit Banquet 2010.exe:SummaryInformation
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1CCF2C1
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E4A69E
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07B14078
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:426796C0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB45745
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47A6274
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BBA8A83
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7617B2BB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A330F4B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2785F3BB
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45

< End of report >


#6 m0le


Posted 30 April 2011 - 03:58 PM

We have quite a lot to remove and our chosen tool might not be able to cope. Let's see.

Please rerun OTL, as shown below

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00PCTFW] File not found
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\YidFa.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\xueGCOBV.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\wQvmh.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\wmrat.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\WdCcdC.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vVEwnOs.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\VdQoH.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uHsuX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ueaAXUg.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\TwNVUgAN.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\ToOMF.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\sNTFX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\RqEYAByX.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\PwXKX.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\PUVCf.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\OAVBp.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NrboIlsB.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\lfWRGSwu.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\lfDkwsM.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\khfGudDL.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JiUgLh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\jETid.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\JcaLxAAnA.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\IDlLeQda.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\hIyYHhImd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GYljd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\GTFeU.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GkxcoNHm.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\GCvEUOXG.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FXSLiGI.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\FgUwkMdrO.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\EJKxEd.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\ECqDWcy.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CwSmSve.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\CgCkd.dll
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BEKfiYUh.exe
[2004/07/20 19:47:23 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\aWJACC.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YuqGyLCQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\yNWoQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\yFOgjCGMu.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\xyewa.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XvLEwY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WXVqcqVvd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\WVsOdnnlQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wCWKe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VYMwOYG.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\VJeqbB.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VHhuHlqj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\vBioDLBig.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uVWIGNtQJ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\uOpjKo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\UlEjFi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uHjRA.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uDtGsG.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uCReCPAX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ToRAWdFJV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\tLdbI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\THSlBI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ThDYO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\sTuhylW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\sKlgKY.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\sHCDgFSC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\seDfEt.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\Rxxww.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RuaQcWi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RsonyMR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RPoWL.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RIiLeBcw.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rHMvX.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\RHkDwnw.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RgFBlU.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\qMwWiHx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\qFyFV.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\QFSBybKef.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\QeMAP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pswMoGQR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\pSUxHbpR.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PeaVGy.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\PbFjKc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oxrTq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OwXgkda.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\OotUvTdhs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OMEkuBTnA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OlfwSWQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ojlnyhr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\OiiLcac.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ofEUgkfiX.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nXAJv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nWxwvWasd.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NVXMQiMc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nSkeEcLLj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\nmbJUr.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nJyix.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nfLEuEx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MtGpNsGB.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrEsqQn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpRbNJS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\mpbonc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mOxDdqbh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MNWNgUq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhCkuoa.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\MAwbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mAegsv.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\lVsoAS.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lmTfo.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\LITInm.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\licVPtHT.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\lBEkh.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kwYyXwdBY.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\krLyHhHH.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\kpUkDF.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\KNCYuq.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmUUCxie.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jPqUI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\JnKGc.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JHYLHRKm.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\JGMdka.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iUKLDe.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IhvHUCf.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hXQFJA.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\HCXfv.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVMNViQj.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\goiSDW.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\GLTEUeML.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkDsxnef.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gJUYLHO.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\GHSJqOwxP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\gGmMuyuQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\gEjhUTtD.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GBLwmPRwW.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fURHbe.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\fUdlxn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\FlVDNk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fJbTk.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\feIIR.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eQEbocb.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\EoHJyS.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ejVMTI.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\Ehwkvba.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\ebKtLRi.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dtffYP.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CxSnNTbs.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cVlDhC.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cteOqM.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cSnpKkrk.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cqtQAbx.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\cduGyOspn.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\bnVYKd.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BmQmQ.exe
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\axOfCsWgO.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\atQkoTJlp.dll
[2008/10/07 09:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\aRjeVe.exe
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1CCF2C1
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E4A69E
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E3BDDC4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07B14078
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:426796C0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D0CEAB7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB45745
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47A6274
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BBA8A83
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7617B2BB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A330F4B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940EEA60
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2785F3BB
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EmptyTemp]

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#7 KathysKomputer


Posted 30 April 2011 - 04:35 PM

Thank you. A reboot was necessary.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\3.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\00PCTFW deleted successfully.
C:\WINDOWS\system32\drivers\YidFa.dll moved successfully.
C:\WINDOWS\system32\xueGCOBV.dll moved successfully.
C:\WINDOWS\system32\drivers\wQvmh.dll moved successfully.
C:\WINDOWS\wmrat.dll moved successfully.
C:\WINDOWS\WdCcdC.dll moved successfully.
C:\WINDOWS\vVEwnOs.exe moved successfully.
C:\WINDOWS\system32\VdQoH.dll moved successfully.
C:\WINDOWS\system32\drivers\uHsuX.exe moved successfully.
C:\WINDOWS\system32\ueaAXUg.exe moved successfully.
C:\WINDOWS\system32\TwNVUgAN.exe moved successfully.
C:\WINDOWS\ToOMF.dll moved successfully.
C:\WINDOWS\system32\sNTFX.exe moved successfully.
C:\WINDOWS\system32\RqEYAByX.dll moved successfully.
C:\WINDOWS\system32\drivers\PwXKX.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 297392 bytes
->FireFox cache emptied: 3967290 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 187740446 bytes

User: Owner
->Temp folder emptied: 1721577357 bytes
->Temporary Internet Files folder emptied: 198766833 bytes
->Java cache emptied: 353547 bytes
->FireFox cache emptied: 117310273 bytes
->Google Chrome cache emptied: 399009505 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2092702 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2568440 bytes
%systemroot%\System32 .tmp files removed: 5552657 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64724162 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 41999513 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4290910171 bytes

Total Files Cleaned = 6,711.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04302011_142946

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#8 m0le

Posted 30 April 2011 - 04:44 PM

Please run OTL as you did first of all, scan only and post the log :)

#9 KathysKomputer

Posted 30 April 2011 - 05:17 PM

OTL logfile created on: 4/30/2011 3:11:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 409.76 Gb Total Space | 144.66 Gb Free Space | 35.30% Space Free | Partition Type: NTFS
Drive D: | 19.71 Gb Total Space | 12.04 Gb Free Space | 61.10% Space Free | Partition Type: FAT32
Drive E: | 128.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JIMSTOWING | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
PRC - [2011/04/30 12:43:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/06 13:43:07 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/03/25 11:41:32 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/02/06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/09/20 19:10:04 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
PRC - [2005/09/20 19:08:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2002/07/03 01:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/06/18 00:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 18:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 18:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/10/29 02:26:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe
PRC - [1999/12/02 16:55:32 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtmngr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
MOD - [2011/04/06 13:43:33 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 09:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/25 09:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCToolsFirewallPlus)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/22 13:21:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/04/11 17:40:16 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 06:47:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/10 11:57:01 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 11:56:52 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/11/21 08:10:40 | 000,082,784 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/09/23 10:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/10/23 12:48:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/03 06:39:49 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/09 10:53:22 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/06/09 10:52:50 | 000,024,192 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/06/09 10:43:38 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/06/09 10:40:00 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/06/09 10:38:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/06/09 10:27:06 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/04/14 16:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/30 16:32:10 | 001,000,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/10/28 00:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/29 21:49:00 | 000,195,324 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/08/29 20:12:30 | 000,837,468 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/31 07:45:48 | 000,012,658 | R--- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RioS30.sys -- (RioS30)
DRV - [2002/07/19 18:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 18:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 18:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 18:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/03/23 06:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/17 09:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 ED 95 61 3F 02 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: FirefoxAddon@myfacebook.com:1.8
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: afterthedeadline@afterthedeadline.com:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 06:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/10 19:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/06 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:43:41 | 000,000,000 | ---D | M]

[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/07 19:15:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 08:30:01 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/12 13:59:33 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\afterthedeadline@afterthedeadline.com
[2010/12/07 09:55:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/28 07:55:12 | 000,000,000 | ---D | M] (My Facebook) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\FirefoxAddon@myfacebook.com
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/04/06 09:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/04/21 20:38:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 06:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/06 13:43:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 12:43:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/30 12:43:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/04/30 12:43:39 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/06 13:43:26 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/06 13:43:51 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/04/06 13:43:15 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/09/14 14:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 14:09:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 14:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 14:09:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 14:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 14:09:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 14:09:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 14:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/16 19:19:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab41096.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax2116.cab (MsnMusicAx Class)
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} http://webchat.geopia.com/activeX/GeoStart.cab (ChatModule Control)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 10:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/09 17:14:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/09 16:14:04 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/06/02 15:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/14 11:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 14:29:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/24 19:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jenna & Brooktini 2011 Easter
[2011/04/23 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Castro's Anniversary
[2011/04/19 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/19 21:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/19 21:23:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 12:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Writewood 2011
[2011/04/14 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUMBO JUMBO
[2011/04/13 15:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/11 18:56:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy of My Pictures
[2011/04/11 17:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Companion
[2011/04/11 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/04/11 17:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2011/04/11 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/04/11 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/04/11 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/04/11 17:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FrostWire
[2011/04/11 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/04/11 17:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/11 17:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/11 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/10 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday fb favs
[2011/04/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday 4-10-11
[2011/04/10 20:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junior Video Race 4 2011
[2011/04/09 21:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big Cars & Jr 2011 Video race 3
[2011/04/09 21:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big cars & jr's 2011
[2011/04/09 11:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Lorraine O'Brien
[2011/04/07 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FAVS 2011 PHOTO & VIDEO
[2011/04/06 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Legals 2-5-11edit
[2011/04/06 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street legals to Mark
[2011/04/06 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2006/10/20 19:14:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/07/20 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 15:10:44 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 15:10:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 14:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 14:37:14 | 000,447,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 14:37:14 | 000,073,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 14:33:43 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 14:33:23 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/30 14:33:23 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/30 14:32:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 14:32:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 14:32:27 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 14:20:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job
[2011/04/29 23:40:35 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/27 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/27 15:36:30 | 000,079,121 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/23 15:11:25 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 21:23:13 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 15:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/13 03:25:44 | 002,409,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 03:08:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:01:18 | 000,001,303 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Folder.jpg
[2011/04/11 18:01:18 | 000,000,727 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2011/04/11 17:53:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/11 17:42:52 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/04/11 17:42:52 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\8EA4A0
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/11 17:33:40 | 000,133,816 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/06 19:44:46 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/04/06 13:43:46 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/06 13:43:27 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/06 13:43:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/06 13:43:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/06 13:43:09 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 15:36:30 | 000,079,121 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/19 22:43:13 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 17:53:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/06 13:43:46 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/03/08 11:12:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/06 22:27:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 16:17:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/01/31 16:14:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/10 19:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/12/09 14:46:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/09 14:46:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/09 14:46:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/09 14:46:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/09 14:46:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/09 14:46:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/09 14:46:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/09 14:46:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/09 14:46:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/09 14:46:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/09 14:46:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/09 14:46:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/09 14:45:14 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2009/12/01 13:04:29 | 000,079,726 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/12/01 13:04:29 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/29 00:03:03 | 000,133,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 13:48:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/26 15:09:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/10 21:14:13 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/10 21:14:13 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/10 21:14:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/10 21:14:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/10 21:13:04 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/10 21:12:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/10 21:12:19 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/10 21:12:18 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/13 20:07:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/19 18:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/16 12:57:41 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/12/25 09:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 09:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/25 09:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 09:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/25 09:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/04 22:29:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/02/27 13:39:52 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
[2008/02/27 13:39:52 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
[2008/02/27 13:39:52 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
[2008/02/26 11:17:52 | 000,001,291 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
[2008/02/26 11:17:52 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2008/02/26 11:17:52 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/24 14:18:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/13 20:16:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\JpegEx.dll
[2006/10/29 20:05:13 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 20:05:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 12:09:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msn.ini
[2006/01/19 15:08:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/01/16 16:31:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/21 03:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/07 20:52:09 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/30 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/11/11 16:35:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/11 16:35:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/11 15:40:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/11 15:40:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/29 06:49:29 | 000,000,534 | ---- | C] () -- C:\WINDOWS\System32\nt68rrtr12.sys
[2005/09/17 16:46:24 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\nt86rptr12.sys
[2005/09/17 16:45:56 | 000,128,488 | ---- | C] () -- C:\WINDOWS\System32\tkquv3hb.dat
[2005/09/17 16:45:56 | 000,035,600 | ---- | C] () -- C:\WINDOWS\System32\bfr4hu9u.dat
[2005/09/17 16:45:56 | 000,012,744 | ---- | C] () -- C:\WINDOWS\System32\75sgllr5.dat
[2005/09/17 16:45:56 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\para3q2i.dat
[2005/09/17 16:45:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\System32\l0tn7hkp.dat
[2005/09/17 16:45:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lu435h21.ini
[2005/09/17 16:45:50 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\4cunjp6m.ini
[2005/08/28 13:21:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/08/24 16:40:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/19 17:30:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/31 17:02:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\GeoUpdate.exe
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/02 01:56:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/12 19:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/09/01 17:29:16 | 000,001,165 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2004/08/26 08:53:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\IA.ini
[2004/08/25 13:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2004/08/12 08:44:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/08/12 08:44:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2004/08/07 07:36:01 | 000,000,070 | ---- | C] () -- C:\WINDOWS\7FE51859.ini
[2004/08/05 23:05:32 | 000,104,060 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/02 17:18:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/07/25 20:17:36 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/24 09:58:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/23 14:17:41 | 000,047,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/20 21:16:11 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/07/20 21:00:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/07/20 20:10:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/07/20 20:10:09 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 19:47:33 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/07/20 19:47:33 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/20 19:47:24 | 000,037,729 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/07/20 19:47:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/20 19:47:23 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/07/20 19:47:23 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/07/20 19:47:23 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2004/07/20 19:47:23 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2004/07/20 19:47:23 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/07/20 19:47:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/07/20 19:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/07/20 19:47:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/07/20 19:47:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/20 19:47:17 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/28 15:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 12:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 12:30:01 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe
[2002/10/28 12:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 12:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 12:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 12:17:57 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 11:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 11:37:38 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2002/10/28 11:37:37 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2002/10/28 11:37:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/10/28 11:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 11:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 11:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 11:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 11:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 10:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 10:38:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/10/28 10:33:19 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/10/28 09:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/28 09:22:57 | 000,447,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/10/28 09:22:57 | 000,073,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/10/28 02:28:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/28 02:27:21 | 002,409,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/24 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 20:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 20:44:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/01/23 02:42:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/31 23:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 19:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/06/13 23:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2004/07/20 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2009/06/01 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/09 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/06/06 13:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2004/08/05 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/04/06 12:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2007/10/05 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/04/26 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/04/28 14:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/01/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2006/02/21 19:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/07/08 12:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/15 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/02/08 17:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/06/01 14:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/08 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/04/02 10:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/04/02 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2005/06/10 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/23 17:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/10 17:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/10/08 18:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2006/10/06 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/11/13 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2007/10/04 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/03/25 19:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/19 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/01/06 18:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/19 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/07 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/28 23:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 22:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/23 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/04/26 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2006/10/06 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Balloon Express
[2007/07/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2008/04/04 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/06/15 17:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/05/14 10:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/01 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/01/27 11:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2004/08/06 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2011/04/11 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2004/11/09 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/04/27 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/11/03 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iLike
[2010/04/26 15:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2009/03/17 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007/02/25 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/03/26 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2008/06/02 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2006/01/19 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/04/11 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/25 15:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Match
[2006/02/21 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN Search Toolbar
[2007/11/10 12:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2007/09/21 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
[2010/11/08 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2011/04/11 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/03/16 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2010/11/08 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Photodex
[2008/03/02 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pirateville
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2008/10/20 13:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2009/10/05 19:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/01/02 17:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2002/10/28 12:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/11 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shutterfly
[2009/02/16 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2008/02/26 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
[2008/02/14 20:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2011/04/11 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2004/08/02 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/06/08 11:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio
[2009/01/17 17:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2008/10/08 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2011/04/30 14:20:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Summit Banquet 2010.exe:SummaryInformation

< End of report >



#10 m0le


Posted 30 April 2011 - 05:51 PM

Just a few more to go. Please rerun OTL

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2005/09/29 06:49:29 | 000,000,534 | ---- | C] () -- C:\WINDOWS\System32\nt68rrtr12.sys
[2005/09/17 16:46:24 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\nt86rptr12.sys
[2005/09/17 16:45:56 | 000,128,488 | ---- | C] () -- C:\WINDOWS\System32\tkquv3hb.dat
[2005/09/17 16:45:56 | 000,035,600 | ---- | C] () -- C:\WINDOWS\System32\bfr4hu9u.dat
[2005/09/17 16:45:56 | 000,012,744 | ---- | C] () -- C:\WINDOWS\System32\75sgllr5.dat
[2005/09/17 16:45:56 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\para3q2i.dat
[2005/09/17 16:45:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\System32\l0tn7hkp.dat
[2005/09/17 16:45:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\lu435h21.ini
[2005/09/17 16:45:50 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\4cunjp6m.ini
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next run ATF to empty your temp files

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NB: If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.



Then run ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.

#11 KathysKomputer


Posted 30 April 2011 - 07:43 PM

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0059087.dll a variant of Win32/Kryptik.RQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP446\A0052017.dll a variant of Win32/Kryptik.RQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D6CCB294-324E-4FD9-85D0-5528B36F348F}\RP223\A0059031.exe probably a variant of Win32/Agent.FXHSRAR trojan cleaned by deleting - quarantined
C:\Virtual Villagers The Secret City\corupt.exe probably a variant of Win32/Agent.IHJZZCT trojan cleaned by deleting - quarantined
C:\WINDOWS\aCuXQJv.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\AfeuCPgP.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\aqWbumeS.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\AUSKldQgT.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\aWYck.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\BFJJENk.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\boGaYHFTS.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\bomNJ.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\bPOcsOmoC.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\bTOxOToB.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\CeXIP.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ciLnl.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\clywPCbn.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\COCOy.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\CPWLT.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\dAqCe.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\DpwQKxj.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\dtbLO.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\EbKamAGoF.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\EESXxj.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ervrASiC.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\erwIwPUrn.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\eUHCohBm.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\eUPKH.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\fFaQKs.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\fQSBbv.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\fskAPbfJ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\FtjgKTRxx.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GahXsndK.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GaUGYi.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GeUCK.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GfkYFs.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GjInnfa.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GjllMpj.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\gJYLUJpN.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\gLALaN.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GNtglxPnJ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\gQjYPf.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\GtROkXl.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\hDteF.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\HoJPqXDr.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\HpScx.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\hTcMjN.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\HtMiXD.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\hvjjUb.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\hxSug.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ICYJcmUIc.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\iiaJP.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\JeYGfBe.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\JMWte.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\jntQoLR.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\JsIuS.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\KAgFvNYEF.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\kedcXxHC.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\kGwOHJQ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\KNxFaCk.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\kpwaOeR.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ktwBUG.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\KuNRBVTrQ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\lgkSBF.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\LteVBUv.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\lurMegNoK.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\MALuiccWp.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\mGlqpFQl.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\moWqTkyIQ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\NAEJo.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\NGXDEiR.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\NjyHL.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\NlfueYxG.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\nmJAeP.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\OBsdpsGfX.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\OmJis.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ONwBsL.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\OonjI.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ORyREDM.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\OTYeuRV.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\OUemFHIfV.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\oYIkFtO.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\pBrtojP.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\pCsTMwowd.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\PhIpPKxLy.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\pIROoNED.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\PmkIEog.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\PTMFfSS.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\PtRKUjIEI.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\QaNPq.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\qflxWmTwi.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\qQBdww.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\qyXsgqhCP.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\RLllNHRaB.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\shqvUkdAg.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\SHUQmcyx.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\SOKBbESQx.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\SRQHI.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\STboDio.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\sufRx.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\SvinKSY.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\svSgPUT.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\tCKyfSq.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\TeYXF.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\tHQlR.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\tImFO.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\tLnVaxuTK.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\tRUFVkn.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\uciCVUi.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\udvCeIgcj.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\uinLXoL.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\UtiEx.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\VepjrAGN.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\vhyapV.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\vlpkpkEf.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\VMlBV.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\VqdBeWya.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\WalNp.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\XclvbudIM.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\XdQlVRf.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\YAPigG.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ycoxMXKf.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\ydkTFYM.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\YobFjL.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\yPTOBOAW.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\yqBLSb.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\AAAJVj.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\aAGOWm.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\AcTfFxaTA.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\aDGPq.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\aFWBF.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\arfnPtu.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\ArYjcnE.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\AUBQg.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\awbwP.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\BARoefF.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\bCqlM.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\BTqGfI.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\CkrqQ.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\CNGyhcGs.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\DaqbdAM.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\DEpWNMr.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\dhBciW.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\DLHUpNCb.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\dTbYw.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\dyTRmyM.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\ebBGrXQn.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\eKPNleH.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\emIxPEwN.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\EmoKQ.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\enlYpo.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\EOHApjWV.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\EVfKc.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\fcxnKUc.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\fhIvIM.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\fMMerI.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\fRlyrFcc.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\FSEyyNcF.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\fuElXu.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\FyxPP.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\gcHTDwOQo.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\glvNl.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\gnchGfs.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\GnYMylkCl.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\HcnhgDbj.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\HLlEaNpKk.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\hOUSioGL.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\hTQRWe.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\hvuqyR.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\HyemyHbrp.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\iAvnjeb.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\iEoHE.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\ImCfqyjC.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\Inrmmx.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\iqcDpb.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\iqpBOYTUR.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\IQUAOuIMu.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\JFAKiUg.dll Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\jNjYonI.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\JwcQU.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\KGXKBpV.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\KKaemx.exe Win32/Patched.EH trojan cleaned - quarantined
C:\WINDOWS\system32\KmsDSvJT.exe Win32/Patched.EH trojan cleaned - quarantined


#12 KathysKomputer


Posted 30 April 2011 - 07:47 PM

Eset Scan is attached.


#13 m0le


Posted 30 April 2011 - 07:56 PM

The ESET log was posted but I haven't seen the OTL log.

#14 KathysKomputer


Posted 30 April 2011 - 08:05 PM

OTL logfile created on: 4/30/2011 6:00:37 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 409.76 Gb Total Space | 144.45 Gb Free Space | 35.25% Space Free | Partition Type: NTFS
Drive D: | 19.71 Gb Total Space | 12.04 Gb Free Space | 61.10% Space Free | Partition Type: FAT32
Drive E: | 128.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JIMSTOWING | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
PRC - [2011/04/30 12:43:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/06 13:43:07 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/03/25 11:41:32 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/10 21:28:54 | 005,993,984 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/02/06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/09/20 19:10:04 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
PRC - [2005/09/20 19:08:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/05/21 15:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/04/07 18:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2002/07/03 01:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/06/18 00:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 18:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 18:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/10/29 02:26:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe
PRC - [1999/12/02 16:55:32 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtmngr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 12:46:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL(2).exe
MOD - [2011/04/06 13:43:33 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 09:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/25 09:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCToolsFirewallPlus)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/25 14:39:24 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/22 13:21:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/04/11 17:40:16 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2006/04/11 17:40:16 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/31 06:47:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/06 22:46:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/10 11:57:01 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 11:56:52 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/11/21 08:10:40 | 000,082,784 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/09/23 10:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/10/23 12:48:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/03 06:39:49 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/09 10:53:22 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/06/09 10:52:50 | 000,024,192 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/06/09 10:43:38 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/06/09 10:40:00 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/06/09 10:38:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/06/09 10:27:06 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/04/14 16:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/30 16:32:10 | 001,000,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/10/28 00:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/29 21:49:00 | 000,195,324 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/08/29 20:12:30 | 000,837,468 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/31 07:45:48 | 000,012,658 | R--- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RioS30.sys -- (RioS30)
DRV - [2002/07/19 18:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 18:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 18:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 18:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/06/04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2000/03/23 06:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/17 09:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 ED 95 61 3F 02 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: FirefoxAddon@myfacebook.com:1.8
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: afterthedeadline@afterthedeadline.com:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 06:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/10 19:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/06 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:43:41 | 000,000,000 | ---D | M]

[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/16 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/07 19:15:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/14 08:30:01 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/06 07:40:18 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/12 13:59:33 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\afterthedeadline@afterthedeadline.com
[2010/12/07 09:55:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/28 07:55:12 | 000,000,000 | ---D | M] (My Facebook) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmwqn0hu.default\extensions\FirefoxAddon@myfacebook.com
[2011/04/29 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 12:43:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/04/06 09:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/04/21 20:38:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 06:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/06 13:43:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/10 19:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/30 12:43:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/30 12:43:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/04/30 12:43:39 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 12:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/04/06 13:43:26 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/04/11 18:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/04/06 13:43:51 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/04/06 13:43:15 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/09/14 14:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 14:09:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 14:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 14:09:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 14:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 14:09:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 14:09:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 14:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/16 19:19:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab41096.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} https://music.msn.com/client/msnmusax2116.cab (MsnMusicAx Class)
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} http://webchat.geopia.com/activeX/GeoStart.cab (ChatModule Control)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 10:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/09 17:14:02 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/09 16:14:04 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/06/02 15:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/14 11:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{d6854878-71a9-11df-827f-00248c7511e1}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 15:43:20 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/30 14:29:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/24 19:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jenna & Brooktini 2011 Easter
[2011/04/23 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Castro's Anniversary
[2011/04/19 21:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/19 21:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/19 21:23:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 12:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Writewood 2011
[2011/04/14 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUMBO JUMBO
[2011/04/13 15:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/11 18:56:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy of My Pictures
[2011/04/11 17:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Companion
[2011/04/11 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/04/11 17:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2011/04/11 17:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/04/11 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/04/11 17:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/04/11 17:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/04/11 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FrostWire
[2011/04/11 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/04/11 17:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/11 17:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/11 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/10 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday fb favs
[2011/04/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jr photos Sunday 4-10-11
[2011/04/10 20:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junior Video Race 4 2011
[2011/04/09 21:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big Cars & Jr 2011 Video race 3
[2011/04/09 21:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Big cars & jr's 2011
[2011/04/09 11:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Lorraine O'Brien
[2011/04/07 18:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FAVS 2011 PHOTO & VIDEO
[2011/04/06 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Legals 2-5-11edit
[2011/04/06 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street legals to Mark
[2011/04/06 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2006/10/20 19:14:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/07/20 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 18:01:20 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 18:01:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2094700345-2452418879-86319907-1003.job
[2011/04/30 17:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 14:37:14 | 000,447,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 14:37:14 | 000,073,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 14:33:43 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 14:33:23 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/30 14:33:23 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/30 14:32:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 14:32:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 14:32:27 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 14:20:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job
[2011/04/29 23:40:35 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/27 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/27 15:36:30 | 000,079,121 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/23 15:11:25 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 21:23:13 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 15:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2011/04/13 03:25:44 | 002,409,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 03:08:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:01:18 | 000,001,303 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Folder.jpg
[2011/04/11 18:01:18 | 000,000,727 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\AlbumArtSmall.jpg
[2011/04/11 17:53:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/11 17:42:52 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/04/11 17:42:52 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\8EA4A0
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/11 17:41:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/11 17:33:40 | 000,133,816 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/06 19:44:46 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/04/06 13:43:46 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/06 13:43:27 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/06 13:43:13 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/06 13:43:13 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/06 13:43:09 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[36 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 15:36:30 | 000,079,121 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/04/19 22:43:13 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 21:23:13 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 17:53:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2011/04/11 17:52:23 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/04/11 17:52:23 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.5.lnk
[2011/04/11 17:46:39 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/06 13:43:46 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/03/08 11:12:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/06 22:27:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 16:17:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/01/31 16:14:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/10 19:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/12/09 14:46:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/09 14:46:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/09 14:46:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/09 14:46:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/09 14:46:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/09 14:46:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/09 14:46:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/09 14:46:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/09 14:46:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/09 14:46:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/09 14:46:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/09 14:46:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/09 14:46:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/09 14:46:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/09 14:45:14 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2009/12/01 13:04:29 | 000,079,726 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/12/01 13:04:29 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/11/29 00:03:03 | 000,133,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 13:48:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/26 15:09:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/10 21:14:13 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/10 21:14:13 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/10 21:14:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/10 21:14:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/10 21:13:04 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/10 21:12:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/10 21:12:19 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/10 21:12:18 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/13 20:07:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/19 18:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/16 12:57:41 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/12/25 09:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 09:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/25 09:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 09:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/25 09:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/04 22:29:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/02/27 13:39:52 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\EventStore.xml
[2008/02/27 13:39:52 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CampaignStore.xml
[2008/02/27 13:39:52 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\UpdateStore.xml
[2008/02/26 11:17:52 | 000,001,291 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SoftwarePackageStore.xml
[2008/02/26 11:17:52 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2008/02/26 11:17:52 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ConfigurationStore.xml
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/24 14:18:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/13 20:16:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\JpegEx.dll
[2006/10/29 20:05:13 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 20:05:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 12:09:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msn.ini
[2006/01/19 15:08:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/01/16 16:31:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/21 03:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/07 20:52:09 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/30 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/11/11 16:35:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/11 16:35:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/11 15:40:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/11 15:40:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/08/28 13:21:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/08/24 16:40:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/19 17:30:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 11:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/31 17:02:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\GeoUpdate.exe
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/02 01:56:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/12 19:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2004/09/01 17:29:16 | 000,001,165 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2004/08/26 08:53:30 | 000,000,350 | ---- | C] () -- C:\WINDOWS\IA.ini
[2004/08/25 13:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2004/08/12 08:44:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/08/12 08:44:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2004/08/07 07:36:01 | 000,000,070 | ---- | C] () -- C:\WINDOWS\7FE51859.ini
[2004/08/05 23:05:32 | 000,104,060 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/02 17:18:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/07/25 20:17:36 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/24 09:58:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/23 14:17:41 | 000,047,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/20 21:16:11 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/07/20 21:00:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/20 21:00:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/07/20 20:10:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/07/20 20:10:09 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 20:06:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000009-00001102-00000002-80691102}.dat
[2004/07/20 19:47:33 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/07/20 19:47:33 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/20 19:47:24 | 000,037,729 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/07/20 19:47:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/20 19:47:23 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2004/07/20 19:47:23 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2004/07/20 19:47:23 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2004/07/20 19:47:23 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2004/07/20 19:47:23 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2004/07/20 19:47:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004/07/20 19:47:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2004/07/20 19:47:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2004/07/20 19:47:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/20 19:47:17 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/28 15:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 12:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 12:30:01 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.153.exe
[2002/10/28 12:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 12:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 12:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 12:17:57 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 11:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 11:37:38 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2002/10/28 11:37:37 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2002/10/28 11:37:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/10/28 11:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 11:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 11:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 11:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 11:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 10:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 10:38:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/10/28 10:33:19 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/10/28 09:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/28 09:22:57 | 000,447,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/10/28 09:22:57 | 000,073,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/10/28 02:28:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/28 02:27:21 | 002,409,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/24 00:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 20:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 20:44:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/01/23 02:42:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/31 23:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 19:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/06/13 23:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2004/07/20 20:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2009/06/01 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/09 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/06/06 13:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2004/08/05 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2008/04/06 12:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2007/10/05 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/04/26 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/04/28 14:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/01/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2006/02/21 19:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/07/08 12:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/15 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/02/08 17:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/06/01 14:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/08 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/04/02 10:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/04/02 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2005/06/10 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/23 17:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/10 17:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/10/08 18:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2006/10/06 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/11/13 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/04/02 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2007/10/04 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/03/25 19:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/19 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 17:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/01/06 18:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/19 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/07 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/28 23:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 22:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/23 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/04/26 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2006/10/06 17:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Balloon Express
[2007/07/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2008/04/04 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/06/15 17:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/05/14 10:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/01 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/01/27 11:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2008/05/16 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/05/04 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2004/08/06 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2011/04/11 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2004/11/09 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2011/04/27 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/11/03 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iLike
[2010/04/26 15:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2009/03/17 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007/02/25 12:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/03/26 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2008/06/02 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2006/01/19 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/04/11 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/04/25 15:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Match
[2006/02/21 20:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN Search Toolbar
[2007/11/10 12:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2007/09/21 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
[2010/11/08 11:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2011/04/11 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/03/16 16:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2010/11/08 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Photodex
[2008/03/02 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pirateville
[2008/09/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2008/10/20 13:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2009/10/05 19:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/01/02 17:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2002/10/28 12:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/11 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shutterfly
[2009/02/16 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2008/02/26 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftwareDetectionScripts
[2008/02/14 20:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2010/03/19 17:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2011/04/11 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUpMedia
[2004/08/02 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/06/08 11:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio
[2009/01/17 17:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2008/10/08 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2011/04/30 14:20:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ADDC43B-8380-45BD-9D8E-295692934D71}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Summit Banquet 2010.exe:SummaryInformation

< End of report >





#15 m0le


Posted 30 April 2011 - 08:16 PM

Just to check, you did run ATF, right?

Please now run MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And SAS

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
