Had XP Restorer, still have TDSS rootkit I think


  • This topic is locked
1 reply to this topic

#1 MOCCONSULTING

Posted 23 June 2011 - 11:02 AM

I had an XP Restorer infection. I had an old version of Java installed, since removed. I followed instructions for removing the XP Restorer infection: booted to Safe Mode with Networking and ran ComboFix; it updated and ran. I tried to run TDSSKiller and it would not start. ComboFix did remove several dozen files and the system seems to run much better. If you type in a URL, it goes to that web address, but if you do a Google search it redirects you to any number of places, from the Yellow Pages to unrelated sites. The only thing I see consistently is references to scour.com. I believe I have the variant that includes a TDSS rootkit. I run Malwarebytes Anti-Malware and it finds nothing.

This is the most recent ComboFix log; it overwrote the older one that had more entries.


ComboFix 11-06-22.05 - mark 06/23/2011 10:51:03.3.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1705 [GMT -4:00]
Running from: c:\spywarefixes\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\mark\Start Menu\Programs\Windows XP Repair
c:\documents and settings\mark\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\mark\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
.
----- BITS: Possible infected sites -----
.
hxxp://ppc.thomson.com.edgesuite.net
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 14:41 . 2011-06-23 14:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 14:36 . 2011-06-23 14:36 -------- d-----w- c:\documents and settings\mark\Application Data\WinPatrol
2011-06-23 14:35 . 2011-06-23 14:36 -------- d-----w- c:\program files\BillP Studios
2011-06-23 14:35 . 2011-06-23 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-06-20 20:57 . 2008-12-09 01:45 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-06-20 20:40 . 2011-06-20 20:40 -------- d-----w- c:\documents and settings\administrator.KSCCPA\Local Settings\Application Data\assembly
2011-06-20 20:40 . 2011-06-20 20:40 -------- d-----w- c:\documents and settings\administrator.KSCCPA\Local Settings\Application Data\Deployment
2011-06-20 19:48 . 2011-06-20 19:48 -------- d-----w- c:\documents and settings\administrator.KSCCPA\Local Settings\Application Data\Temp
2011-06-20 19:21 . 2011-06-20 19:21 -------- d-----w- c:\documents and settings\administrator.KSCCPA\Application Data\Malwarebytes
2011-06-20 19:09 . 2011-06-20 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 19:04 . 2011-06-20 19:04 58640 ----a-r- c:\documents and settings\administrator.KSCCPA\Application Data\Microsoft\Installer\{23811A55-1914-4870-8F77-BC515331C8B2}\ARPPRODUCTICON.exe
2011-06-20 19:04 . 2011-06-20 19:04 -------- d-----w- c:\documents and settings\administrator.KSCCPA\Local Settings\Application Data\Downloaded Installations
2011-06-20 18:32 . 2011-06-23 14:48 -------- d-----w- C:\spywarefixes
2011-06-20 17:46 . 2011-06-20 17:46 -------- d-----w- C:\Test folder
2011-06-20 17:44 . 2011-06-20 17:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-06-20 17:44 . 2011-06-20 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\CEZEO software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 19:09 . 2009-07-11 23:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 13:11 . 2011-01-07 18:16 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-20_18.52.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 01:15 . 2008-10-25 01:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2008-08-26 02:50 . 2008-08-26 02:50 40960 c:\windows\system32\VBAME.DLL
- 2006-07-24 17:50 . 2006-07-24 17:50 39728 c:\windows\system32\SCP32.DLL
+ 2006-07-24 14:50 . 2006-07-24 14:50 39728 c:\windows\system32\SCP32.DLL
+ 2008-10-21 18:09 . 2008-10-21 18:09 70264 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-10-26 18:10 . 2006-10-26 18:10 33088 c:\windows\system32\FM20ENU.DLL
- 2006-10-26 21:10 . 2006-10-26 21:10 33088 c:\windows\system32\FM20ENU.DLL
+ 2008-12-09 01:43 . 2008-12-09 01:43 42312 c:\windows\system32\drivers\WPSDRVnt.sys
+ 2008-10-14 15:24 . 2008-10-14 15:24 49536 c:\windows\system32\drivers\Teefer2.sys
+ 2008-11-18 22:17 . 2008-11-18 22:17 23888 c:\windows\system32\drivers\COH_Mon.sys
- 2009-12-10 21:35 . 2011-06-06 21:05 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Distiller.exe
+ 2009-12-10 21:35 . 2011-06-20 20:55 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Distiller.exe
- 2009-12-10 21:35 . 2011-06-06 21:05 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat_Standard.exe
+ 2009-12-10 21:35 . 2011-06-20 20:55 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat_Standard.exe
+ 2009-12-10 21:35 . 2011-06-20 20:55 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe
- 2009-12-10 21:35 . 2011-06-06 21:05 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-05-23 13:13 . 2011-05-23 13:13 50448 c:\windows\Installer\{341FCF4E-EBD4-4237-9CCC-99AD39BC027E}\ARPPRODUCTICON.exe
+ 2011-06-20 19:04 . 2011-06-20 19:04 50448 c:\windows\Installer\{341FCF4E-EBD4-4237-9CCC-99AD39BC027E}\ARPPRODUCTICON.exe
+ 2009-04-02 17:02 . 2009-04-02 17:02 14720 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SMARTTAGINSTALL.EXE
+ 2009-03-06 10:04 . 2009-03-06 10:04 33152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SETLANG.EXE
+ 2009-03-06 09:04 . 2009-03-06 09:04 39464 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\REFIEBAR.DLL
+ 2008-11-04 08:29 . 2008-11-04 08:29 39248 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\REFEDIT.DLL
+ 2009-04-02 17:02 . 2009-04-02 17:02 45968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OSETUPPS.DLL
+ 2009-04-02 17:02 . 2009-04-02 17:02 17792 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OPHPROXY.DLL
+ 2009-04-02 17:02 . 2009-04-02 17:02 15760 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OMUOPTINPS.DLL
+ 2009-03-06 09:23 . 2009-03-06 09:23 22432 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OISCTRL.DLL
+ 2008-11-04 07:02 . 2008-11-04 07:02 54744 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OFFRHD.DLL
+ 2009-03-06 09:04 . 2009-03-06 09:04 64872 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\NAME.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 42864 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSSH.DLL
+ 2009-04-03 23:46 . 2009-04-03 23:46 34200 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOSTYLE.DLL
+ 2008-11-04 08:49 . 2008-11-04 08:49 66424 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOMSE.DLL
+ 2008-11-10 15:50 . 2008-11-10 15:50 68472 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOHTMED.EXE
+ 2008-11-10 15:50 . 2008-11-10 15:50 76664 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOHEV.DLL
+ 2008-11-10 16:38 . 2008-11-10 16:38 27000 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOEURO.DLL
+ 2008-11-04 04:39 . 2008-11-04 04:39 14728 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOCFU.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 18816 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSMH.DLL
+ 2009-03-06 10:10 . 2009-03-06 10:10 47472 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSE7.EXE
+ 2008-10-26 11:26 . 2008-10-26 11:26 66944 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSAEXP30.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 89464 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\METCONV.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\EXP_XPS.DLL
+ 2009-04-03 23:46 . 2009-04-03 23:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\EXP_PDF.DLL
+ 2008-10-26 10:42 . 2008-10-26 10:42 65376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\COLLIMP.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 54152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\AUTHZAX.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACERCLR.DLL
+ 2008-10-25 10:31 . 2008-10-25 10:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEODTXT.DLL
+ 2008-10-25 10:31 . 2008-10-25 10:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEODPDX.DLL
+ 2008-10-25 10:31 . 2008-10-25 10:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEODEXL.DLL
+ 2008-10-25 10:31 . 2008-10-25 10:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEODDBS.DLL
+ 2009-03-06 07:47 . 2009-03-06 07:47 47008 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEERR.DLL
+ 2008-11-21 07:02 . 2008-11-21 07:02 94592 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACCOLK.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 45056 c:\windows\assembly\GAC_MSIL\PTWSPrxy\1.0.0.0__42dd8d8387f1f24a\PTWSPRXY.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 45056 c:\windows\assembly\GAC_MSIL\PTWSPrxy\1.0.0.0__42dd8d8387f1f24a\PTWSPRXY.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 24576 c:\windows\assembly\GAC_MSIL\DocWpr10\1.0.0.0__26f72892819e8c24\DOCWPR10.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 24576 c:\windows\assembly\GAC_MSIL\DocWpr10\1.0.0.0__26f72892819e8c24\DOCWPR10.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 24576 c:\windows\assembly\GAC_MSIL\DocWpr09\1.0.0.0__26f72892819e8c24\DOCWPR09.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 24576 c:\windows\assembly\GAC_MSIL\DocWpr09\1.0.0.0__26f72892819e8c24\DOCWPR09.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 24576 c:\windows\assembly\GAC_MSIL\DocWpr08\1.0.0.0__26f72892819e8c24\DOCWPR08.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 24576 c:\windows\assembly\GAC_MSIL\DocWpr08\1.0.0.0__26f72892819e8c24\DOCWPR08.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 24576 c:\windows\assembly\GAC_MSIL\DocWpr07\1.0.0.0__26f72892819e8c24\DOCWPR07.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 24576 c:\windows\assembly\GAC_MSIL\DocWpr07\1.0.0.0__26f72892819e8c24\DOCWPR07.DLL
- 2011-05-23 13:14 . 2011-05-23 13:14 24576 c:\windows\assembly\GAC_MSIL\DocWpr06\1.0.0.0__26f72892819e8c24\DOCWPR06.DLL
+ 2011-06-20 19:05 . 2011-06-20 19:05 24576 c:\windows\assembly\GAC_MSIL\DocWpr06\1.0.0.0__26f72892819e8c24\DOCWPR06.DLL
+ 2009-12-10 21:35 . 2011-06-20 20:55 7278 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_ELEMENTS_DT.exe
- 2009-12-10 21:35 . 2011-06-06 21:05 7278 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_ELEMENTS_DT.exe
- 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-10-26 20:45 . 2006-10-26 20:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 17:45 . 2006-10-26 17:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2008-12-09 01:43 . 2008-12-09 01:43 357704 c:\windows\system32\sysfer.dll
+ 2006-04-25 17:43 . 2011-06-23 14:51 668410 c:\windows\system32\perfh009.dat
+ 2006-04-25 17:43 . 2011-06-23 14:51 150728 c:\windows\system32\perfc009.dat
+ 2008-03-25 04:21 . 2008-03-25 04:21 218496 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2011-06-23 14:41 . 2011-06-23 14:41 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-06-23 14:41 . 2011-06-23 14:41 321184 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2011-06-20 19:09 . 2011-06-20 19:09 157472 c:\windows\system32\javaws.exe
+ 2011-06-20 19:09 . 2011-06-20 19:09 145184 c:\windows\system32\javaw.exe
+ 2011-06-20 19:09 . 2011-06-20 19:09 145184 c:\windows\system32\java.exe
+ 2006-10-26 17:45 . 2006-10-26 17:45 207360 c:\windows\system32\INKED.DLL
- 2006-10-26 20:45 . 2006-10-26 20:45 207360 c:\windows\system32\INKED.DLL
+ 2006-04-25 17:39 . 2011-06-20 21:47 324320 c:\windows\system32\FNTCACHE.DAT
- 2006-04-25 17:39 . 2011-04-03 15:04 324320 c:\windows\system32\FNTCACHE.DAT
+ 2008-06-20 03:12 . 2010-09-11 02:32 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2011-06-20 19:17 . 2011-06-20 19:17 203776 c:\windows\Installer\5a21c.msi
+ 2011-06-20 19:09 . 2011-06-20 19:09 675840 c:\windows\Installer\5a216.msi
+ 2011-06-20 19:04 . 2011-06-20 19:04 419840 c:\windows\Installer\5a20e.msi
- 2009-07-11 23:34 . 2010-03-04 19:55 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-11 23:34 . 2010-03-04 19:55 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2009-12-10 22:16 . 2009-12-10 22:16 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-06-20 21:36 . 2011-06-20 21:36 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 22:57 . 2009-04-03 22:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\WRD12CVR.DLL
+ 2009-03-06 07:37 . 2009-03-06 07:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2009-04-02 18:06 . 2009-04-02 18:06 439160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SETUP.EXE
+ 2008-10-25 11:19 . 2008-10-25 11:19 503688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SELFCERT.EXE
+ 2009-04-02 19:35 . 2009-04-02 19:35 368520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PPSLAX.DLL
+ 2008-10-26 10:42 . 2008-10-26 10:42 482656 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PORTCONN.DLL
+ 2008-11-04 06:24 . 2008-11-04 06:24 285576 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OISGRAPH.DLL
+ 2008-11-04 06:24 . 2008-11-04 06:24 998784 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OISAPP.DLL
+ 2008-11-04 06:24 . 2008-11-04 06:24 274808 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OIS.EXE
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OGALEGIT.DLL
+ 2009-04-02 18:06 . 2009-04-02 18:06 231848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ODEPLOY.EXE
+ 2009-03-06 10:16 . 2009-03-06 10:16 538968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSTORES.DLL
+ 2009-03-06 10:16 . 2009-03-06 10:16 144728 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSTORE.EXE
+ 2009-03-06 10:16 . 2009-03-06 10:16 832344 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSTORDB.EXE
+ 2008-10-25 03:21 . 2008-10-25 03:21 505192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSSOAP30.DLL
+ 2009-03-06 10:05 . 2009-03-06 10:05 671072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSQRY32.EXE
+ 2008-11-21 04:42 . 2008-11-21 04:42 732504 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSPROOF6.DLL
+ 2008-10-25 03:50 . 2008-10-25 03:50 436584 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSORUN.DLL
+ 2009-03-06 09:04 . 2009-03-06 09:04 427848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSODCW.DLL
+ 2009-03-06 08:31 . 2009-03-06 08:31 160616 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSOCF.DLL
+ 2008-11-04 09:13 . 2008-11-04 09:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2008-10-25 18:39 . 2008-10-25 18:39 290632 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSCDM.DLL
+ 2008-11-04 08:49 . 2008-11-04 08:49 460680 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MODHELP.DLL
+ 2008-11-04 08:49 . 2008-11-04 08:49 829280 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MEDCAT.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 177520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\IETAG.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\IEAWSDC.DLL
+ 2008-11-25 03:17 . 2008-11-25 03:17 983944 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\FPWEC.DLL
+ 2008-11-04 06:44 . 2008-11-04 06:44 435096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\DWTRIG20.EXE
+ 2008-11-04 06:44 . 2008-11-04 06:44 439632 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\DWDCW20.DLL
+ 2009-03-06 09:04 . 2009-03-06 09:04 105856 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\DSSM.EXE
+ 2008-11-21 05:02 . 2008-11-21 05:02 189816 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\CONTACTPICKER.DLL
+ 2008-11-04 08:47 . 2008-11-04 08:47 205680 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\CLVIEW.EXE
+ 2008-11-04 09:21 . 2008-11-04 09:21 400208 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\CDLMSO.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 370608 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEXBE.DLL
+ 2008-11-04 09:06 . 2008-11-04 09:06 208816 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEWSS.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 223152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACETXT.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 550840 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEREP.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 288688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACER3X.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 255920 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACER2X.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 391096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEPDE.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 387000 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEOLEDB.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 278912 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEODBC.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 206776 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACELTS.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 628656 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEEXCL.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 337832 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEEXCH.DLL
+ 2009-03-06 07:47 . 2009-03-06 07:47 190400 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEES.DLL
+ 2009-03-06 07:47 . 2009-03-06 07:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACEDAO.DLL
+ 2008-10-26 11:26 . 2008-10-26 11:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2009-03-06 07:47 . 2009-03-06 07:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACACEDAO.DLL
+ 2008-10-25 01:15 . 2008-10-25 01:15 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2008-03-25 04:21 . 2008-03-25 04:21 2889088 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\system32\FM20.DLL
- 2009-08-18 04:33 . 2009-08-18 04:33 1193832 c:\windows\system32\FM20.DLL
- 2009-07-11 23:34 . 2010-03-04 19:55 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-11 23:34 . 2011-06-20 21:43 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-10 22:28 . 2010-03-04 19:55 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-10 22:28 . 2011-06-20 21:43 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2009-03-06 08:01 . 2009-03-06 08:01 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\STSLIST.DLL
+ 2008-11-10 07:41 . 2008-11-10 07:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-02 18:07 . 2009-04-02 18:07 6540120 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OSETUP.DLL
+ 2009-03-06 09:55 . 2009-03-06 09:55 7036800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OFFOWC.DLL
+ 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2008-10-25 04:45 . 2008-10-25 04:45 1518504 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\NLSD0000.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 6637936 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSORES.DLL
+ 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2008-10-25 08:38 . 2008-10-25 08:38 1682800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\FPSRVUTL.DLL
+ 2009-03-06 07:47 . 2009-03-06 07:47 1759136 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ACECORE.DLL
+ 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-03-06 07:37 . 2009-03-06 07:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSACCESS.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-11-13 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"WatchDog"="c:\program files\InterVideo\DVD8SESD\DVDCheck.exe" [2009-03-05 200848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"CNG.Safe.Filer"="c:\program files\CNG\CNG-SAFE\CNG.Safe.Filer.exe" [2010-10-12 93184]
"CNG-SAFE virtual printer agent"="c:\program files\CNG\CNG-SAFE\Printer\cngsagent.exe" [2007-11-26 94208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"PfuSsSct.exe"="c:\program files\PFU\ScanSnap\PfuSsSct.exe" [2003-12-22 110592]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"LanTalk.NET"="c:\program files\CEZEO software\LanTalk NET\LanTalk.exe" [2009-11-26 364224]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe [2009-12-10 36864]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe [2009-12-10 36864]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5803864]
PfxPDFConvertService.exe.lnk - c:\pfx engagement\WM\PfxPDFConvertService.exe [2008-11-14 173568]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-12-10 991232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 00:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 00:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CEZEO software\\LanTalk NET\\LanTalk.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/4/2010 11:35 AM 911680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [7/11/2009 7:12 PM 149600]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 5:46 AM 44800]
S1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2/20/2009 7:04 PM 195456]
S2 0252821257794782mcinstcleanup;McAfee Application Installer Cleanup (0252821257794782);c:\docume~1\ADMINI~1\LOCALS~1\Temp\025282~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\025282~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/27/2007 8:42 PM 185896]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/4/2010 11:35 AM 2480048]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [10/3/2008 4:33 PM 1185016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 MSSQL$PROFXENGAGEMENT;SQL Server (PROFXENGAGEMENT);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
S2 MSSQL$TOCTTARGPPC05;SQL Server (TOCTTARGPPC05);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
S2 PFXEngDesktopService;PFXEngDesktopService;c:\pfx engagement\Common\PFXEngDesktopService.exe [11/14/2008 4:34 PM 428032]
S2 PFXSYNPFTService;PFXSYNPFTService;c:\pfx engagement\Common\PFXSYNPFTService.exe [11/14/2008 4:32 PM 436736]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 2:02 PM 1251840]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [7/11/2009 7:29 PM 2054680]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/4/2010 11:35 AM 160704]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/13/2011 9:44 AM 105592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.114.11
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
Completion time: 2011-06-23 10:57:35
ComboFix-quarantined-files.txt 2011-06-23 14:57
ComboFix2.txt 2011-06-20 18:55
.
Pre-Run: 252,487,495,680 bytes free
Post-Run: 252,943,044,608 bytes free
.
- - End Of File - - B4C3F662E93D125D9B621DE6E51E29ED



This is a current rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as mark on 06/23/2011 at 10:40:40.


Processes terminated by Rkill or while it was running:




Rkill completed on 06/23/2011 at 10:40:46.


This is a hijack log run from WinPatrol:

Log created by WinPatrol [FREE Edition] version 20.5.2011.0:20.5.2011.0
Scan saved at 11:37:37 AM, on 6/23/2011
Platform: Windows XP SP3 Service Pack 3 (Build 2600)
MSIE: Internet Explorer (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRAM FILES\FINGERPRINT SENSOR\ATSERVICE.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\Smc.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\accoca.exe
C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedul2.exe
C:\PROGRAM FILES\COMMON FILES\Acronis\CDP\afcdpsrv.exe
C:\PROGRAM FILES\MICROSOFT SMALL BUSINESS\BUSINESS CONTACT MANAGER\BCMSQLSTARTUPSVC.EXE
C:\PROGRAM FILES\COMMON FILES\INTERVIDEO\RegMgr\IVIREGMGR.EXE
C:\PROGRAM FILES\Intel\AMT\LMS.exe
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\PFX ENGAGEMENT\Common\PFXENGDESKTOPSERVICE.EXE
C:\PFX ENGAGEMENT\Common\PFXSYNPFTSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\Protexis\LICENSE SERVICE\PSISERVICE_2.EXE
C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBCFMONITORSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\Intuit\DATAPROTECT\QBIDPSERVICE.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\Shared\SQLWRITER.EXE
C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\Rtvscan.exe
C:\PROGRAM FILES\COMMON FILES\Intel\PRIVACY ICON\UNS\UNS.exe
C:\WINDOWS\system32\SEARCHINDEXER.EXE
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\SmcGui.exe
C:\PROGRAM FILES\ANALOG DEVICES\Core\smax4pnp.exe
C:\PROGRAM FILES\COMMON FILES\Intel\PRIVACY ICON\PRIVACYICONCLIENT.EXE
C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\accrdsub.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccApp.exe
C:\PROGRAM FILES\CNG\CNG-SAFE\CNG.SAFE.FILER.EXE
C:\PROGRAM FILES\CNG\CNG-SAFE\Printer\CNGSAGENT.EXE
C:\PROGRAM FILES\Adobe\ACROBAT 7.0\Distillr\acrotray.exe
C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\acevents.exe
C:\PROGRAM FILES\PFU\ScanSnap\PfuSsSct.exe
C:\PROGRAM FILES\Acronis\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\PFU\ScanSnap\CARDMINDER V3.0\CARDLAUNCHER.EXE
C:\PFX ENGAGEMENT\WM\PFXPDFCONVERTSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBUpdate\qbupdate.exe
C:\PROGRAM FILES\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA]C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP]C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [picon]C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe -startup
O4 - HKLM\..\Run: [WatchDog]C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe
O4 - HKLM\..\Run: [accrdsub]C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
O4 - HKLM\..\Run: [SetRefresh]C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\Recguard.exe
O4 - HKLM\..\Run: [Reminder]C:\WINDOWS\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp]C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CNG.Safe.Filer]C:\Program Files\CNG\CNG-SAFE\CNG.Safe.Filer.exe
O4 - HKLM\..\Run: [CNG-SAFE virtual printer agent]C:\Program Files\CNG\CNG-SAFE\Printer\cngsagent.exe
O4 - HKLM\..\Run: [StartCCC]C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0]C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
O4 - HKLM\..\Run: [PfuSsSct.exe]C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [Intuit SyncManager]C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [TrueImageMonitor.exe]C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [LanTalk.NET]C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [Synchronization Manager]%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe ARM]C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [WinPatrol [FREE Edition]]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Task Catcher]C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe
O4 - HKCU\..\Run: [updateMgr]c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcStd7_1_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CardMinder Viewer.lnk=C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk=C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
O4 - Global Startup: Intuit Data Protect.lnk=C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: PfxPDFConvertService.exe.lnk=C:\Pfx Engagement\WM\PfxPDFConvertService.exe
O4 - Global Startup: QuickBooks Update Agent.lnk=C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk=C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
O4 - Global Startup: ScanSnap Manager.lnk=C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260221802635
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260221899506
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KSCCPA.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KSCCPA.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KSCCPA.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KSCCPA.local
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0252821257794782) - - C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\025282~1.EXE
O23 - Service: ActivClient Middleware Service - ActivIdentity - C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\accoca.exe
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\PROGRAM FILES\COMMON FILES\Acronis\SCHEDULE2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service - Acronis - C:\PROGRAM FILES\COMMON FILES\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service - AuthenTec, Inc. - C:\PROGRAM FILES\FINGERPRINT SENSOR\ATSERVICE.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccSvcHst.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\PROGRAM FILES\COMMON FILES\INTERVIDEO\RegMgr\IVIREGMGR.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
O23 - Service: Intel® Active Management Technology Local Management Service - Intel Corporation - C:\PROGRAM FILES\Intel\AMT\LMS.exe
O23 - Service: PC Angel - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PFXEngDesktopService - CCH Tax and Accounting - C:\PFX ENGAGEMENT\Common\PFXENGDESKTOPSERVICE.EXE
O23 - Service: PFXSYNPFTService - CCH Tax and Accounting - C:\PFX ENGAGEMENT\Common\PFXSYNPFTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
O23 - Service: Protexis Licensing V2 - Protexis Inc. - C:\PROGRAM FILES\COMMON FILES\Protexis\LICENSE SERVICE\PSISERVICE_2.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBCFMONITORSERVICE.EXE
O23 - Service: Intuit QuickBooks FCS - Intuit Inc. - C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\FCS\INTUIT.QUICKBOOKS.FCS.EXE
O23 - Service: QBIDPService - - C:\PROGRAM FILES\COMMON FILES\Intuit\DATAPROTECT\QBIDPSERVICE.EXE
O23 - Service: Symantec Management Client - Symantec Corporation - C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\Smc.exe
O23 - Service: Symantec Network Access Control - Symantec Corporation - C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\SNAC.EXE
O23 - Service: Symantec Endpoint Protection - Symantec Corporation - C:\PROGRAM FILES\Symantec\SYMANTEC ENDPOINT PROTECTION\Rtvscan.exe
O23 - Service: Intel® Active Management Technology User Notification Service - Intel Corporation - C:\PROGRAM FILES\COMMON FILES\Intel\PRIVACY ICON\UNS\UNS.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
MSIE: Internet Explorer (8.00.6001.18702)
0 IE Cookies in Folder: C:\Documents and Settings\mark\Cookies\
296 Mozilla Cookies in Folder: C:\Documents and Settings\mark\Application Data\Mozilla\FireFox\Profiles\pglh8jp0.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 1:Turn off Automatic Updates.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://


WP16 - ActiveX: {00000000-0000-0000-0000-000000000000} [QBOBJPROXY] C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBOBJPROXY.DLL 21.0D R4
WP16 - ActiveX: {0468C085-CA5B-11D0-AF08-00609797F0E0} [Outlook Today's Data-binding control] C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.9.0040.0
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\system32\icardie.dll 8.00.6001.18702
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5268
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18876
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {2933BF94-7B36-11D2-B20E-00C04F983E60} [XSL Template] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9247
WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL 12.0.6425.1000
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {4E430174-1673-4FF3-BF28-A3B37F6573E7} [Windows Desktop Search Combo Control] C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\wdsShell.dll 7.0.6001.16503
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18266
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18876
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.4.7600.226
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 11.0.5721.5268
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.4.7600.226
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18266
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18876
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\WINDOWS\system32\msxml4.dll 4.20.9876.0
WP16 - ActiveX: {88D969EA-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\msxml5.dll 5.20.1087.0
WP16 - ActiveX: {88D96A05-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1103.0
WP16 - ActiveX: {88D96A06-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1103.0
WP16 - ActiveX: {88D96A08-F192-11D4-A65F-0040963251E5} [XSL Template 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1103.0
WP16 - ActiveX: {88D96A0A-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] C:\WINDOWS\system32\msxml6.dll 6.20.1103.0
WP16 - ActiveX: {9203C2CB-1DC1-482D-967E-597AFF270F0D} [SharePoint OpenDocuments Class] C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL 12.0.6423.1000
WP16 - ActiveX: {C9712B19-838B-45A5-ABF2-9A315DDDED50} [Microsoft Office 12 Authorization Control] C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL 12.0.6413.1000
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 10.1.0.534
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\WINDOWS\system32\DEPLOYJAVA1.DLL 6.0.260.3
WP16 - ActiveX: {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] C:\WINDOWS\system32\wmp.dll 11.0.5721.5268
WP16 - ActiveX: {CD3AFA84-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] C:\WINDOWS\system32\wmp.dll 11.0.5721.5268
WP16 - ActiveX: {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] C:\WINDOWS\system32\wmp.dll 11.0.5721.5268
WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18876
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx 10,3,181,26
WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\4.0.50401.0\npctrl.dll 4.0.50401.0
WP16 - ActiveX: {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [NameCtrl Class] C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\NAME.DLL 12.0.6423.1000
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F5078F35-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F5078F40-C551-11D3-89B9-0000F81FE221} [XML Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F6D90F12-9C73-11D3-B32E-00C04F990BB4} [Free Threaded XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1051.0
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\Office12\REFEDIT.DLL 12.0.6413.1000
WP16 - ActiveX: {0002E569-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 11.0] C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL 11.0.8304
WP16 - ActiveX: {0002E56B-0000-0000-C000-000000000046} [Microsoft Office Data Source Control 11.0] C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL 11.0.8304
WP16 - ActiveX: {261B8CA9-3BAF-4BD0-B0C2-BF04286785C6} [Microsoft Office Outlook View Control] C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5268
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8106
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8106
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\Program Files\Microsoft Office\Office12\VVIEWER.DLL 12.0.6513.5000
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\4.0.50401.0\npctrl.dll 4.0.50401.0
WP16 - ActiveX: {ECD0ECC6-DCA4-4013-A915-12355AB70999} [MSWebDVD Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {A9667083-5060-4f44-88FB-9FF7487BBA1B} [Intuit QuickBooks Connector] C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBCONNECTOR.DLL 1, 0, 0, 6
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18266
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8106
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8106
WP16 - ActiveX: {99D1A18F-504B-4539-8AD2-9603D4F764B8} [HHClass Class] C:\PROGRAM FILES\Intuit\QUICKBOOKS 2009\HTMLHELPER.DLL 1, 0, 0, 1
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8106
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18266
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {D20F1B09-2417-47B9-9C6A-95ABE4B98D28} [InstanceFinderUtil Class] C:\PROGRAM FILES\COMMON FILES\Intuit\QUICKBOOKS\QBINSTANCEFINDER.DLL 21.0D R4
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 8.00.6001.18876
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 12.0.6514.5000
WP16 - ActiveX: {A3F2A195-0D11-463b-96BB-D2FF1B7490A1} [MSDVDAdm Class] C:\WINDOWS\system32\mswebdvd.dll 6.05.2600.5857
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18266
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 8.00.6001.18876
WP16 - ActiveX: {8E7F3ECF-40A1-425c-BE92-F51ED7BE61F1} [AnswerWorks 4 API] C:\PROGRAM FILES\COMMON FILES\ANSWERWORKS 4.0\awApi4.dll 4, 0, 0, 100
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 10.1.0.534
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\WINDOWS\system32\DEPLOYJAVA1.DLL 6.0.260.3
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx 10,3,181,26
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx 10,3,181,26
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\cmldr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\drivers\103C_HP_BPC_HP Compaq dc7900 Convertible Minitower_YB_0Comp_Q2UA928_EKR810UTABA_48_I3032h_SHP_V_B786G1 v01.16_T090305_WXP2_L409_M2030_J320_7Intel_8Pentium III Xeon_92.33_#090711_N808610DE_(KR810UT#ABA)_X_CD6_Z_2.MRK
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe shdocvw.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e

Memory currently in use: 37%
Physical Memory Free: 1,307,080 KB
Paging File Free: 3,230,116 KB
Virtual Memory Free: 2,031,724 KB


--
End of file



this is a current goored log

GooredFix by jpshortstuff (04.04.11.1)
Log created at 11:46 on 23/06/2011 (mark)
Firefox version 2.0.0.15 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\pglh8jp0.default\extensions\
staged-xpis [19:21 07/01/2011]
{20a82645-c095-46ed-80e3-08825760534b} [19:21 07/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:49 07/12/2009]

-=E.O.F=-


and this is a current otl log file



OTL logfile created on: 6/23/2011 11:47:19 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.14% Memory free
3.83 Gb Paging File | 3.01 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.09 Gb Total Space | 233.76 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
Drive D: | 15.99 Gb Total Space | 10.22 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive M: | 619.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive O: | 558.77 Gb Total Space | 326.38 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive P: | 477.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 67.82 Gb Total Space | 6.86 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive S: | 558.77 Gb Total Space | 326.38 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive U: | 67.82 Gb Total Space | 6.86 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive W: | 558.77 Gb Total Space | 326.38 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive X: | 67.82 Gb Total Space | 6.86 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: KSC-3RDFLOOR2 | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 11:45:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\OTL.exe
PRC - [2011/05/15 15:53:26 | 000,632,200 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/12/02 22:47:38 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/12/02 14:02:36 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/12/01 15:01:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/10/12 09:15:33 | 000,093,184 | ---- | M] (Cabinet NG Inc) -- C:\Program Files\CNG\CNG-SAFE\CNG.Safe.Filer.exe
PRC - [2010/06/04 11:35:32 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/03/27 16:06:16 | 005,107,232 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 22:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/11/14 16:51:06 | 000,173,568 | ---- | M] (CCH Tax and Accounting) -- C:\Pfx Engagement\WM\PfxPDFConvertService.exe
PRC - [2008/11/14 16:34:10 | 000,428,032 | ---- | M] (CCH Tax and Accounting) -- C:\Pfx Engagement\Common\PFXEngDesktopService.exe
PRC - [2008/11/14 16:32:54 | 000,436,736 | ---- | M] (CCH Tax and Accounting) -- C:\Pfx Engagement\Common\PFXSYNPFTService.exe
PRC - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/07/19 06:40:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 06:40:54 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/07/19 06:40:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/27 20:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/27 20:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/11/26 01:51:52 | 000,094,208 | ---- | M] () -- C:\Program Files\CNG\CNG-SAFE\Printer\cngsagent.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/01/20 20:53:22 | 000,991,232 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2006/01/05 14:02:24 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
PRC - [2003/12/22 11:06:40 | 000,110,592 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\PfuSsSct.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 11:45:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\OTL.exe
MOD - [2011/05/15 15:53:34 | 000,064,600 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/04/14 06:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0252821257794782mcinstcleanup) McAfee Application Installer Cleanup (0252821257794782)
SRV - [2010/12/02 14:02:36 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/12/01 15:01:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/06/04 11:35:32 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/12/08 23:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 22:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 22:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/11/14 16:34:10 | 000,428,032 | ---- | M] (CCH Tax and Accounting) [Auto | Running] -- C:\Pfx Engagement\Common\PFXEngDesktopService.exe -- (PFXEngDesktopService)
SRV - [2008/11/14 16:32:54 | 000,436,736 | ---- | M] (CCH Tax and Accounting) [Auto | Running] -- C:\Pfx Engagement\Common\PFXSYNPFTService.exe -- (PFXSYNPFTService)
SRV - [2008/10/03 16:33:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/19 06:40:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/07/19 06:40:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/27 20:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/30 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110622.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/30 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110622.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/04 11:35:34 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/04 11:35:28 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/04 11:35:27 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/04 11:35:20 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/04 11:16:36 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/12/07 17:34:41 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/20 19:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2008/12/08 21:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/12/08 21:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/11/26 22:20:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/11/12 18:41:04 | 003,451,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/24 06:32:24 | 000,149,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/13 13:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 13:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 13:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/07/19 06:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/03/28 06:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/12/18 05:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8074

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components File not found
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins File not found

[2011/01/07 15:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\pglh8jp0.default\extensions
[2011/01/07 15:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\pglh8jp0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/07 15:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\pglh8jp0.default\extensions\staged-xpis
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Dansk ordbog) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DANISH@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Wortliste von http://tkltrans.sf.net (alte und neue deutsche Rechtschreibung)) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\DE-DE-COMB@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\EN-AU@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Diccionario español Argentina) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-AR@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\ES-ES@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] ("Suomen kielen oikoluku") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FI@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Dictionnaire MySpell en Français (réforme 1990)) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Dictionnaire MySpell en Français) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\FR-FR@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:17 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\IT-IT@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Dansk (da) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DA@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-DE@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("English (GB) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-EN-GB@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Español (AR) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-AR@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Español (España) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-ES-ES@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Suomenkielinen (FI) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FI@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Français Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-FR@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Magyar (HU) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-HU@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Italiano (IT) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-IT@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Japanese Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-JA@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Korean (KR) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-KO@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Nederlands (NL) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-NL@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Polski Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PL@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Português Portugal Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-PT-PT@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] ("Russian (RU) Language Pack") -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\LANGPACK-RU@FIREFOX.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\NL-NL@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PL@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] (Corrector para Português Europeu) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\PT-PT@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] (Russian spell dictionary) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\RU@DICTIONARIES.ADDONS.MOZILLA.ORG
[2009/07/11 19:39:18 | 000,000,000 | ---D | M] (Črkovalnik za slovenski jezik) -- C:\PROGRA~1\VIRTUA~1\EXTENSIONS\SL@DICTIONARIES.ADDONS.MOZILLA.ORG

O1 HOSTS File: ([2011/06/23 10:56:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CNG.Safe.Filer] C:\Program Files\CNG\CNG-SAFE\CNG.Safe.Filer.exe (Cabinet NG Inc)
O4 - HKLM..\Run: [CNG-SAFE virtual printer agent] C:\Program Files\CNG\CNG-SAFE\Printer\cngsagent.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe (CEZEO software Ltd.)
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892..\Run: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (PFU Limited.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PfxPDFConvertService.exe.lnk = C:\Pfx Engagement\WM\PfxPDFConvertService.exe (CCH Tax and Accounting)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2269660331-2140926867-854478010-2892\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260221802635 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260221899506 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.114.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KSCCPA.local
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\hp1_1024x768.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/14 13:06:36 | 000,030,720 | ---- | M] () - S:\Automatic Alarm Fax.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 11:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Desktop\GooredFix Backups
[2011/06/23 11:45:47 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\OTL.exe
[2011/06/23 11:45:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\mark\Desktop\GooredFix.exe
[2011/06/23 11:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Desktop\tdsskiller
[2011/06/23 11:09:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/23 11:08:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\TFC.exe
[2011/06/23 11:01:43 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\mark\Desktop\dds.com
[2011/06/23 10:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/23 10:48:10 | 000,000,000 | R--D | C] -- U:\My Videos
[2011/06/23 10:41:10 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/23 10:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Task Catcher
[2011/06/23 10:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Application Data\WinPatrol
[2011/06/23 10:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/06/23 10:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/06/23 10:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/06/20 17:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/20 17:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/06/20 17:08:39 | 000,000,000 | ---D | C] -- U:\HVC at St Francis
[2011/06/20 17:08:36 | 000,000,000 | ---D | C] -- U:\Goldfarb
[2011/06/20 17:07:56 | 000,000,000 | ---D | C] -- U:\First Direct Corp
[2011/06/20 17:07:55 | 000,000,000 | ---D | C] -- U:\Fifth Floor Foundation
[2011/06/20 17:07:44 | 000,000,000 | ---D | C] -- U:\FPS
[2011/06/20 17:07:44 | 000,000,000 | ---D | C] -- U:\Edwin Gould Foundation
[2011/06/20 17:07:28 | 000,000,000 | ---D | C] -- U:\Randolph School
[2011/06/20 17:07:28 | 000,000,000 | ---D | C] -- U:\Practitioners Publishing
[2011/06/20 17:07:27 | 000,000,000 | ---D | C] -- U:\Parikh 5500
[2011/06/20 17:07:17 | 000,000,000 | ---D | C] -- U:\Pan Gregorian
[2011/06/20 17:07:15 | 000,000,000 | ---D | C] -- U:\Opus
[2011/06/20 17:07:14 | 000,000,000 | ---D | C] -- U:\OMara
[2011/06/20 17:07:11 | 000,000,000 | ---D | C] -- U:\NYSAIS
[2011/06/20 17:05:58 | 000,000,000 | ---D | C] -- U:\Duality
[2011/06/20 17:05:27 | 000,000,000 | ---D | C] -- U:\Downloads
[2011/06/20 17:05:27 | 000,000,000 | ---D | C] -- U:\CPE Certificates
[2011/06/20 17:05:04 | 000,000,000 | ---D | C] -- U:\Casertano
[2011/06/20 17:05:02 | 000,000,000 | ---D | C] -- U:\Beane TC Forms
[2011/06/20 17:04:54 | 000,000,000 | ---D | C] -- U:\Beane Files
[2011/06/20 17:04:48 | 000,000,000 | ---D | C] -- U:\AVW
[2011/06/20 17:04:42 | 000,000,000 | ---D | C] -- U:\Hadrian LLC
[2011/06/20 17:03:43 | 000,000,000 | --SD | C] -- U:\My ScanSnap
[2011/06/20 17:03:43 | 000,000,000 | ---D | C] -- U:\Scheer 5500
[2011/06/20 17:02:29 | 000,000,000 | ---D | C] -- U:\Troisi
[2011/06/20 17:02:04 | 000,000,000 | ---D | C] -- U:\Tedd Cycle Entities
[2011/06/20 17:01:30 | 000,000,000 | ---D | C] -- U:\AH Aviation
[2011/06/20 17:01:30 | 000,000,000 | ---D | C] -- U:\366 Myrtle
[2011/06/20 17:01:19 | 000,000,000 | ---D | C] -- U:\82 GFG LLC
[2011/06/20 17:01:15 | 000,000,000 | ---D | C] -- U:\73 BQ LLC
[2011/06/20 17:01:14 | 000,000,000 | ---D | C] -- U:\27 West
[2011/06/20 17:01:12 | 000,000,000 | ---D | C] -- U:\Intuit
[2011/06/20 17:00:43 | 000,000,000 | --SD | C] -- U:\My Data Sources
[2011/06/20 17:00:29 | 000,000,000 | ---D | C] -- U:\Millbrook School
[2011/06/20 17:00:25 | 000,000,000 | ---D | C] -- U:\MHB FLP
[2011/06/20 17:00:23 | 000,000,000 | ---D | C] -- U:\MHA Pension
[2011/06/20 17:00:06 | 000,000,000 | ---D | C] -- U:\MHA
[2011/06/20 17:00:05 | 000,000,000 | ---D | C] -- U:\McKibbin
[2011/06/20 17:00:04 | 000,000,000 | ---D | C] -- U:\Matthews v Roe
[2011/06/20 17:00:00 | 000,000,000 | ---D | C] -- U:\Lyall
[2011/06/20 16:59:48 | 000,000,000 | ---D | C] -- U:\Lomala
[2011/06/20 16:59:32 | 000,000,000 | ---D | C] -- U:\IRS Publications
[2011/06/20 16:59:31 | 000,000,000 | ---D | C] -- U:\IRS Forms and Instructions
[2011/06/20 16:58:39 | 000,000,000 | R--D | C] -- U:\My Music
[2011/06/20 16:57:55 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/06/20 16:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1099-Etc
[2011/06/20 16:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Start Menu\Programs\1099-Etc
[2011/06/20 16:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Desktop\Hewlett-Packard
[2011/06/20 16:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Desktop\1099-Etc
[2011/06/20 16:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\C_
[2011/06/20 15:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/20 15:09:51 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/20 14:32:05 | 000,000,000 | ---D | C] -- C:\spywarefixes
[2011/06/20 13:46:10 | 000,000,000 | ---D | C] -- C:\Test folder

========== Files - Modified Within 30 Days ==========

[2011/06/23 11:45:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\OTL.exe
[2011/06/23 11:45:38 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\mark\Desktop\GooredFix.exe
[2011/06/23 11:30:23 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\tdsskiller.zip
[2011/06/23 11:15:21 | 000,668,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/23 11:15:21 | 000,150,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/23 11:11:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 11:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 11:10:32 | 2127,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/23 11:08:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\Desktop\TFC.exe
[2011/06/23 11:06:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 11:01:16 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\mark\Desktop\dds.com
[2011/06/23 10:56:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 10:41:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/23 10:31:16 | 000,000,090 | ---- | M] () -- C:\WINDOWS\PFXEngagement.INI
[2011/06/23 09:56:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/22 10:29:08 | 000,002,181 | ---- | M] () -- C:\Documents and Settings\mark\Local Settings\Application Data\Practice Management.G
[2011/06/22 10:29:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mark\Local Settings\Application Data\Practice Management.G.L
[2011/06/20 17:58:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/20 17:47:41 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 17:37:33 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CNG-SAFE.lnk
[2011/06/20 17:31:21 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/20 17:31:08 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Shortcut to EXCEL.lnk
[2011/06/20 17:28:43 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Shortcut to WINWORD.lnk
[2011/06/20 15:21:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 15:09:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/20 13:31:34 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628
[2011/06/20 13:31:34 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17358628r
[2011/06/20 13:31:29 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17358628
[2011/06/08 11:14:50 | 000,884,249 | ---- | M] () -- U:\PRP Section 4400 QC Questionnaire.pdf
[2011/06/02 17:28:08 | 000,075,651 | ---- | M] () -- U:\Model QC Document - Small Firms.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 09:32:53 | 000,132,557 | ---- | M] () -- U:\LD App.pdf

========== Files Created - No Company Name ==========

[2011/06/23 11:30:13 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\tdsskiller.zip
[2011/06/23 11:10:32 | 2127,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/20 17:58:39 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/20 17:31:21 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/20 17:31:08 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Shortcut to EXCEL.lnk
[2011/06/20 17:28:43 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Shortcut to WINWORD.lnk
[2011/06/20 16:38:53 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/06/20 16:38:53 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2011/06/20 16:38:53 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2011/06/20 16:38:53 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
[2011/06/20 16:38:53 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
[2011/06/20 16:38:53 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PfxPDFConvertService.exe.lnk
[2011/06/20 16:38:53 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
[2011/06/20 16:38:50 | 000,002,407 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2011/06/20 16:38:50 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011/06/20 16:38:50 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Embedded Security for HP ProtectTools.lnk
[2011/06/20 16:38:50 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install HP Power Manager.lnk
[2011/06/20 16:38:50 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/06/20 16:38:50 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HP ProtectTools Security Manager.lnk
[2011/06/20 16:38:50 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/20 16:36:06 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Remote Assistance.lnk
[2011/06/20 16:36:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Internet Explorer.lnk
[2011/06/20 16:36:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Windows Media Player.lnk
[2011/06/20 16:34:22 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Checkpoint Tools for PPC.lnk
[2011/06/20 16:34:22 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LanTalk NET.lnk
[2011/06/20 16:34:22 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/06/20 16:34:22 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CNG-SAFE.lnk
[2011/06/20 16:34:22 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AcronisáTrueáImageáWDáEdition.lnk
[2011/06/20 16:34:22 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CardMinder V3.0.lnk
[2011/06/20 16:34:22 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProSystem fx Engagement.lnk
[2011/06/20 16:34:22 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to FAS.lnk
[2011/06/20 15:21:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 14:33:04 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/20 13:31:34 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17358628
[2011/06/20 13:31:34 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17358628r
[2011/06/20 13:31:28 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17358628
[2011/06/08 11:14:49 | 000,884,249 | ---- | C] () -- U:\PRP Section 4400 QC Questionnaire.pdf
[2011/06/02 17:28:08 | 000,075,651 | ---- | C] () -- U:\Model QC Document - Small Firms.pdf
[2011/05/26 09:32:53 | 000,132,557 | ---- | C] () -- U:\LD App.pdf
[2011/01/07 15:20:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/07 14:57:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/07 14:57:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/07 14:57:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/07 14:57:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/07 14:57:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/05 17:34:42 | 000,620,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/03 12:24:47 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/03 11:23:12 | 000,000,276 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/04/22 10:35:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\pcltool.ini
[2010/04/14 10:11:24 | 000,000,057 | ---- | C] () -- C:\WINDOWS\sview.ini
[2010/02/20 12:16:18 | 000,000,736 | ---- | C] () -- C:\WINDOWS\RMTEMP~.EXE
[2010/02/20 12:16:18 | 000,000,494 | ---- | C] () -- C:\WINDOWS\EAS_VIEW.INI
[2009/12/11 16:25:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\fusioncache.dat
[2009/12/11 16:17:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/12/11 10:29:58 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\Practice Management.G
[2009/12/11 10:29:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\Practice Management.G.L
[2009/12/10 17:49:41 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2009/12/10 16:52:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\cngspm.dll
[2009/12/08 15:54:31 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PFXEngagement.INI
[2009/12/08 10:58:06 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/07 17:22:36 | 000,304,640 | ---- | C] () -- C:\WINDOWS\System32\O2PSEPR.DLL
[2009/12/07 17:22:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\OSMFC.DLL
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 19:48:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/11 19:18:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/07/11 19:11:56 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/07/11 19:11:56 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/07/11 19:11:56 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/07/11 19:11:56 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/07/11 19:11:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/07/11 19:11:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/27 20:41:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\aicext.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/07/17 13:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/25 14:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 13:43:54 | 000,668,748 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 13:43:54 | 000,150,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 13:39:48 | 000,324,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 13:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 13:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/27 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/27 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/27 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/27 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/27 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/27 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/27 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/09 04:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/04/03 19:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2003/02/07 17:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 06:12:22 | 000,000,801 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1999/01/04 14:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1998/05/07 00:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

< End of report >

Still waiting, please help.

Edited by hamluis, 24 June 2011 - 03:44 PM.
Merged posts, sent PM.



#2 hamluis


Posted 30 June 2011 - 11:44 AM

Received PM from OP indicating that issue has been resolved, closing topic.

I believe I have the newest variation of the rootkit linked in the first page of the site. I couldn't wait, and as a fix I found an identical PC loaded with the same software and cloned it after format /mbr. The machine works great now. Hope a fix is found, this was a bear.


Louis



