
Infected With Something - Don't Know What


  • This topic is locked
35 replies to this topic

#1 dave1021

dave1021

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 28 November 2011 - 10:37 AM

Wish I could be more specific about what's dogging my computer - when I reboot, I'll get about five minutes of a clear background image before my program icons will appear. Malwarebytes "quick scan" takes about 2-1/2 hour and usually comes back clear, although I got a notification of a "P2P" virus the other day. Below are the particulars - your help is appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Run by Compaq_Administrator at 22:38:21 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.943 [GMT -8:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ZScreen\ZScreen.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\verclsid.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\compaq_administrator\application data\dropbox\bin\Dropbox.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186642199218
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://secure.delucaliquor.com/suppliers/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D1885B0C-3A01-4C95-AEDD-67E778D7EC8C} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]
R0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys [2010-9-2 64288]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-10-2 86552]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\lmirfsdriver.sys [2010-9-2 47640]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-9-2 23200]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
S3 2419;2419;c:\windows\system32\drivers\2419 [2011-11-20 9072]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-10-2 24876]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 SAVRT;SAVRT;\??\c:\program files\norton internet security\norton antivirus\savrt.sys --> c:\program files\norton internet security\norton antivirus\SAVRT.SYS [?]
S4 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton internet security\norton antivirus\savrtpel.sys --> c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [?]
.
=============== Created Last 30 ================
.
2011-11-27 05:22:32 -------- d-----w- c:\documents and settings\compaq_administrator\DoctorWeb
2011-11-26 20:30:58 -------- d-----w- c:\documents and settings\all users\application data\WidgetServer
2011-11-25 13:02:04 0 ----a-w- C:\~VM197.tmp
2011-11-25 13:02:04 0 ----a-w- C:\~VM196.tmp
2011-11-25 13:02:04 0 ----a-w- C:\~VM195.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM194.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM193.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM192.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM191.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM190.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM18F.tmp
2011-11-16 05:31:08 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2011-11-16 05:31:08 -------- d-----w- c:\windows\tessdata
2011-11-16 05:31:07 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
2011-11-16 05:30:57 -------- d-----w- c:\program files\FreeOCR
2011-11-16 05:30:56 962560 ------w- c:\windows\tesseract.exe
2011-11-16 05:30:39 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-11-13 06:46:46 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
2011-11-12 19:45:01 -------- d-----w- c:\program files\AVAST Software
2011-11-12 19:45:01 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-11-02 09:07:35 -------- d-----w- C:\My Documents
.
==================== Find3M ====================
.
2011-11-21 05:12:27 9072 ----a-w- c:\windows\system32\drivers\2419
2011-11-18 17:53:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-25 03:53:30 16167424 ----a-w- C:\Dropbox 1.1.28.exe
2011-10-25 02:31:22 9435648 ----a-w- C:\mbam-setup-1.51.0.1200.exe
2011-10-25 00:36:55 146894812 ----a-w- C:\Norman_Malware_Cleaner.exe
2011-10-25 00:29:48 4129792 ----a-w- C:\ComboFix old version.exe
2011-10-25 00:29:39 4129792 ----a-w- C:\Combafxx.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 01:37:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-08 01:37:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 01:37:16 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 01:37:16 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 04:09:32 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-16 04:09:32 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:43:03.20 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 03 December 2011 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This item in the driver section is suspicious or defective.
S3 2419;2419;c:\windows\system32\drivers\2419

Execute this.

Please run Notepad and copy the following text into a new file:

sc config 2419 start= disabled
sc stop 2419


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors are encountered, please post.
When done you can delete the remove.bat file.
===

Submit a fresh DDS log and let me know if the problem persists.

#3 dave1021

dave1021
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 04 December 2011 - 11:15 AM

Ran the remove.bat and it didn't seem to make a difference - I restarted and got the five minutes of blank background image, and ran the "quick" Malwarebytes scan that still took 2-1/2 hours. I'm posting the most recent DDS scan below. First, though, I do want to say how much I appreciate all your help!



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Run by Compaq_Administrator at 20:07:57 on 2011-12-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.995 [GMT -8:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamscanner.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\compaq_administrator\application data\dropbox\bin\Dropbox.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186642199218
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://secure.delucaliquor.com/suppliers/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D1885B0C-3A01-4C95-AEDD-67E778D7EC8C} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]
R0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys [2010-9-2 64288]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-10-2 86552]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\lmirfsdriver.sys [2010-9-2 47640]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-9-2 23200]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-10-2 24876]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 2419;2419;c:\windows\system32\drivers\2419 [2011-11-20 9072]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 SAVRT;SAVRT;\??\c:\program files\norton internet security\norton antivirus\savrt.sys --> c:\program files\norton internet security\norton antivirus\SAVRT.SYS [?]
S4 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton internet security\norton antivirus\savrtpel.sys --> c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [?]
.
=============== Created Last 30 ================
.
2011-11-27 05:22:32 -------- d-----w- c:\documents and settings\compaq_administrator\DoctorWeb
2011-11-26 20:30:58 -------- d-----w- c:\documents and settings\all users\application data\WidgetServer
2011-11-25 13:02:04 0 ----a-w- C:\~VM197.tmp
2011-11-25 13:02:04 0 ----a-w- C:\~VM196.tmp
2011-11-25 13:02:04 0 ----a-w- C:\~VM195.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM194.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM193.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM192.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM191.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM190.tmp
2011-11-25 13:02:03 0 ----a-w- C:\~VM18F.tmp
2011-11-16 05:31:08 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
2011-11-16 05:31:08 -------- d-----w- c:\windows\tessdata
2011-11-16 05:31:07 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
2011-11-16 05:30:57 -------- d-----w- c:\program files\FreeOCR
2011-11-16 05:30:56 962560 ------w- c:\windows\tesseract.exe
2011-11-16 05:30:39 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-11-13 06:46:46 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
2011-11-12 19:45:01 -------- d-----w- c:\program files\AVAST Software
2011-11-12 19:45:01 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-11-21 05:12:27 9072 ----a-w- c:\windows\system32\drivers\2419
2011-11-18 17:53:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-25 03:53:30 16167424 ----a-w- C:\Dropbox 1.1.28.exe
2011-10-25 02:31:22 9435648 ----a-w- C:\mbam-setup-1.51.0.1200.exe
2011-10-25 00:36:55 146894812 ----a-w- C:\Norman_Malware_Cleaner.exe
2011-10-25 00:29:48 4129792 ----a-w- C:\ComboFix old version.exe
2011-10-25 00:29:39 4129792 ----a-w- C:\Combafxx.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 01:37:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-08 01:37:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 01:37:16 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 01:37:16 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 04:09:32 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-09-16 04:09:32 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:14:40.32 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:10 AM

Posted 04 December 2011 - 02:09 PM

Looks like the driver has been respawned.
S4 2419;2419;c:\windows\system32\drivers\2419

It could be a sign of a rootkit infection.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Post the logs for my review.
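
Added example (not part of the original thread): a small Python parser for the SERVICES / DRIVERS lines of the DDS logs above, flagging the traits that make the 2419 entry stand out and diffing driver entries between the two logs. The status-code legend (R/S = running/stopped, 0-4 = boot/system/auto/demand/disabled) is the usual reading of this column and is an assumption here, as are all function names; the sample lines are excerpted from the two DDS logs in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Assumed legend for the DDS status column (DDS prints no legend itself):
# letter = current state, digit = service start type.
STATE = {"R": "running", "S": "stopped"}
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


class Driver(NamedTuple):
    state: str
    start: int
    name: str
    display: str
    path: str             # resolved image path, "" if DDS printed none
    stamp: Optional[str]  # "date size", "?" or "x" from the trailing [...]


def parse(log: str) -> Dict[str, Driver]:
    """Parse DDS SERVICES / DRIVERS lines into {service name: Driver}."""
    drivers = {}
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rest, stamp = m["rest"].strip(), None
        bracket = re.search(r"\s*\[([^\]]*)\]$", rest)
        if bracket:
            stamp, rest = bracket.group(1), rest[:bracket.start()]
        # "\??\path --> path" lines: keep the resolved path on the right.
        path = rest.split(" --> ")[-1].strip()
        drivers[m["name"]] = Driver(
            m["state"], int(m["start"]), m["name"], m["display"], path, stamp
        )
    return drivers


def flags(d: Driver) -> List[str]:
    """Heuristics matching what stands out about the 2419 entry."""
    out = []
    leaf = d.path.rsplit("\\", 1)[-1]
    if d.path and "." not in leaf:
        out.append("image path has no file extension")
    if d.name.isdigit():
        out.append("service name is digits only")
    if d.stamp in ("?", "x"):
        out.append("DDS reported no date/size for the image")
    return out


def describe(d: Driver) -> str:
    return f"{STATE[d.state]}/{START[d.start]}"


def diff(before: Dict[str, Driver], after: Dict[str, Driver]) -> Dict[str, Tuple[str, str]]:
    """Return {name: (old, new)} for entries whose state or start type changed."""
    changes = {}
    for name in sorted(set(before) | set(after)):
        old = describe(before[name]) if name in before else "absent"
        new = describe(after[name]) if name in after else "absent"
        if old != new:
            changes[name] = (old, new)
    return changes


# Lines excerpted from the first DDS log in this thread (2011-11-27).
BEFORE = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys [2010-9-2 64288]
S3 2419;2419;c:\windows\system32\drivers\2419 [2011-11-20 9072]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Lines excerpted from the second DDS log (2011-12-03), after remove.bat.
AFTER = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys [2010-9-2 64288]
S4 2419;2419;c:\windows\system32\drivers\2419 [2011-11-20 9072]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

if __name__ == "__main__":
    old, new = parse(BEFORE), parse(AFTER)
    for d in new.values():
        for reason in flags(d):
            print(f"{d.name}: {reason}")
    for name, (was, now) in diff(old, new).items():
        print(f"{name}: {was} -> {now}")
```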

#5 dave1021

dave1021
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 04 December 2011 - 03:05 PM

Thank you for your assistance - I'll run this tonight and post the results.

#6 dave1021

dave1021
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:10 AM

Posted 05 December 2011 - 07:11 AM

Ran TDSSKiller and MBR - here are the results.

===============================================

21:55:25.0671 2180 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:55:27.0421 2180 ============================================================
21:55:27.0421 2180 Current date / time: 2011/12/04 21:55:27.0421
21:55:27.0421 2180 SystemInfo:
21:55:27.0421 2180
21:55:27.0421 2180 OS Version: 5.1.2600 ServicePack: 3.0
21:55:27.0421 2180 Product type: Workstation
21:55:27.0453 2180 ComputerName: DAVE
21:55:27.0453 2180 UserName: Compaq_Administrator
21:55:27.0453 2180 Windows directory: C:\WINDOWS
21:55:27.0453 2180 System windows directory: C:\WINDOWS
21:55:27.0453 2180 Processor architecture: Intel x86
21:55:27.0453 2180 Number of processors: 1
21:55:27.0453 2180 Page size: 0x1000
21:55:27.0453 2180 Boot type: Normal boot
21:55:27.0453 2180 ============================================================
21:55:33.0984 2180 Initialize success
21:55:37.0437 0840 ============================================================
21:55:37.0437 0840 Scan started
21:55:37.0437 0840 Mode: Manual;
21:55:37.0437 0840 ============================================================
21:56:06.0609 0840 ============================================================
21:56:06.0609 0840 Scan finished
21:56:06.0625 0840 ============================================================
21:56:06.0671 0176 Detected object count: 0
21:56:06.0671 0176 Actual detected object count: 0


#7 nasdaq

Posted 05 December 2011 - 10:07 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Post the log for my review.

#8 dave1021

Posted 06 December 2011 - 02:38 AM

I started ComboFix, and after a few minutes, got this message:

"ComboFix cannot run when CA Anti-Virus is installed. It would be dangerous to continue. Please uninstall CA Anti-Virus or use another tool."

I wanted to run this by someone who knows (meaning you) before I did any uninstalling. I did enable "snooze" on CA before I started ComboFix, as mentioned in the link regarding disabling protection.

Edited by dave1021, 06 December 2011 - 03:49 AM.


#9 nasdaq

Posted 06 December 2011 - 08:42 AM

Try this scan.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • How your computer is running now


#10 dave1021

Posted 06 December 2011 - 12:30 PM

Thanks - I'll run that tonight.

#11 dave1021

Posted 07 December 2011 - 01:00 PM

I started the Sophos program last night - after running for nearly 11 hours, it was barely 2/3 done this morning and I had to abort (I work at home and this is the busy time of month). I plan on trying again this weekend.

One rather discouraging note: the aborted scan came up with appx. 350 "hidden files", but when I scrolled through them and it showed the description, every one of them said (paraphrasing) "removal of this file is not recommended".

#12 nasdaq

Posted 07 December 2011 - 02:05 PM

Let's try this tool.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#13 dave1021

Posted 07 December 2011 - 02:17 PM

OK, I'll do that tonight. Sorry for all the bother!

#14 dave1021

Posted 08 December 2011 - 05:39 AM

Ran OTL - here are the results.

OTL logfile created on: 12/8/2011 1:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 77.92% Memory free
3.19 Gb Paging File | 2.59 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.95 Gb Total Space | 102.13 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.55 Gb Free Space | 7.00% Space Free | Partition Type: FAT32
Drive K: | 465.76 Gb Total Space | 250.60 Gb Free Space | 53.80% Space Free | Partition Type: NTFS
Drive L: | 7.36 Gb Total Space | 3.52 Gb Free Space | 47.89% Space Free | Partition Type: FAT32

Computer Name: DAVE | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
PRC - C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampp\xampp\FileZillaFTP\FileZilla Server.exe (FileZilla Project)
PRC - C:\xampp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\WINDOWS\arservice.exe (Microsoft)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SPBBCSvc) -- File not found
SRV - (SAVScan) -- File not found
SRV - (NSCService) -- File not found
SRV - (navapsvc) -- File not found
SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CiscoVpnInstallService) -- File not found
SRV - (ccProxy) -- File not found
SRV - (ccISPwdSvc) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (CAAMSvc) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (UmxEngine) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
SRV - (BitMeterCaptureService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
SRV - (BitMeterWebService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MySQL) -- C:\xampp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (FileZilla Server) -- C:\xampp\xampp\FileZillaFTP\FileZilla server.exe (FileZilla Project)
SRV - (Apache2.2) -- C:\xampp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (Adobe Version Cue CS2) -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (2419) -- C:\WINDOWS\system32\drivers\2419 ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxAMRT) -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\lmirfsdriver.sys (LogMeIn, Inc.)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\agrsm.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\amdk8.sys (Advanced Micro Devices)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys ()
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ppsio2) -- C:\WINDOWS\System32\drivers\ppsio2.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CC 2C D9 01 1E 28 AC 4E B1 68 BB 2A 49 20 70 54 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:00:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/21 22:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 08:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 01:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/16 00:09:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/11/13 01:15:59 | 000,000,000 | ---D | M]

[2009/03/22 19:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2008/09/05 05:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/22 19:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/07/12 07:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions
[2011/07/02 08:36:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{06adb500-bfaf-427c-8ddd-82f5fd4c73c6}
[2011/07/10 09:12:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{22feec3e-7ae6-49b5-8134-bd8ebb1fdb67}
[2011/06/29 23:48:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{33c4fc1f-bcdd-43bf-b42c-33dcdda2717d}
[2011/06/13 23:22:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{3717e268-b0ab-424c-9cb7-ce7b9fca8ecb}
[2011/06/10 21:29:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{59c17185-8e51-40ef-8202-c79c1c0f1e6d}
[2011/07/12 18:06:58 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{5a2b194b-b45e-494b-9fe3-a255a9ade04f}
[2011/07/01 20:03:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{5ff951bd-afb8-4fc1-9edf-ce0a79740c1d}
[2011/07/04 05:04:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{7628b872-f925-42b7-8061-52230dd59afb}
[2011/06/30 20:15:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{84f58e38-e8bc-495b-88eb-e5c77506e6b2}
[2011/07/04 03:01:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{8f714f53-5c71-4af6-a58d-ee43e34f4661}
[2011/06/13 21:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{95f32654-81f5-45f7-ac48-c2d5c4fce065}
[2011/07/09 05:10:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{a46292d5-b5e9-4036-a515-ecd0b790038c}
[2011/06/15 03:24:37 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{aac8d9e9-4b2c-4526-9192-2ae8c39e9295}
[2011/07/06 06:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{d69ff09f-c56a-4c37-9bb5-0a2013a07a26}
[2011/07/07 06:05:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{e9f5d825-fa95-4cac-81a5-512e2690894e}
[2011/07/05 21:28:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{f2dbfd06-b9a3-43ac-9222-d43c2a602b38}
[2011/12/07 20:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions
[2010/09/25 12:52:05 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2006/07/22 20:04:42 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2)
[2011/07/02 08:36:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{06adb500-bfaf-427c-8ddd-82f5fd4c73c6}
[2010/09/10 12:35:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 09:12:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{22feec3e-7ae6-49b5-8134-bd8ebb1fdb67}
[2011/06/29 23:48:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{33c4fc1f-bcdd-43bf-b42c-33dcdda2717d}
[2011/06/13 23:22:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{3717e268-b0ab-424c-9cb7-ce7b9fca8ecb}
[2011/02/04 22:41:49 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/06/10 21:29:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{59c17185-8e51-40ef-8202-c79c1c0f1e6d}
[2011/07/12 18:06:58 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{5a2b194b-b45e-494b-9fe3-a255a9ade04f}
[2011/07/01 20:03:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{5ff951bd-afb8-4fc1-9edf-ce0a79740c1d}
[2011/07/05 06:13:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/04 05:04:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{7628b872-f925-42b7-8061-52230dd59afb}
[2011/06/30 20:15:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{84f58e38-e8bc-495b-88eb-e5c77506e6b2}
[2011/07/04 03:01:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{8f714f53-5c71-4af6-a58d-ee43e34f4661}
[2011/06/13 21:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{95f32654-81f5-45f7-ac48-c2d5c4fce065}
[2011/07/09 05:10:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{a46292d5-b5e9-4036-a515-ecd0b790038c}
[2011/06/15 03:24:37 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{aac8d9e9-4b2c-4526-9192-2ae8c39e9295}
[2011/07/04 03:40:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/06 06:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{d69ff09f-c56a-4c37-9bb5-0a2013a07a26}
[2011/07/05 06:13:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/07 06:05:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{e9f5d825-fa95-4cac-81a5-512e2690894e}
[2011/07/05 21:28:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\{f2dbfd06-b9a3-43ac-9222-d43c2a602b38}
[2011/06/30 04:35:29 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\adblockpopups@jessehakanen.net
[2011/09/25 19:43:29 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\firefox@ghostery.com
[2011/06/30 04:33:30 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\https-everywhere@eff.org
[2010/03/09 11:28:54 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ls8ibq3x.default\extensions\LogMeInClient@logmein.com
[2011/12/07 20:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/11 17:39:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/31 23:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2011/11/11 17:39:20 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/11/11 17:39:20 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/29 13:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/02/21 22:50:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/07/11 11:48:13 | 000,528,896 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/07/28 17:23:31 | 000,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/07/10 08:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npitunes.dll
[2011/11/11 17:39:23 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/09/05 09:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/11/16 00:09:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/11/16 00:09:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/11/16 00:09:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/11/16 00:09:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/11/16 00:09:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/11/16 00:09:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/11/16 00:09:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/05/22 18:32:00 | 001,560,576 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/10/11 10:36:14 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/01/20 23:02:20 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/04/27 17:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2007/05/22 18:14:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/05/22 18:17:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2011/03/05 15:04:54 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/03/05 15:04:54 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/03/05 15:04:54 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/03/05 15:04:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/03/05 15:04:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/03/05 15:04:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/03/05 15:04:55 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ginffkjapdobanedcblllenliboglpkp\1.0.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\1.0.4_0\

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186642199218 (MUWebControl Class)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://secure.delucaliquor.com/suppliers/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1885B0C-3A01-4C95-AEDD-67E778D7EC8C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 20:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/14 20:53:50 | 000,000,027 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 14:16:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/12/06 06:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/12/06 06:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/12/05 22:39:34 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/12/05 09:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\11-11 Screenshots
[2011/12/04 21:54:05 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe
[2011/12/04 14:57:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/11/28 12:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/26 21:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\DoctorWeb
[2011/11/26 13:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\evieabston.com
[2011/11/26 12:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WidgetServer
[2011/11/15 21:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeOCR
[2011/11/15 21:31:08 | 001,883,136 | ---- | C] (Debenu Pty Ltd) -- C:\WINDOWS\System32\QuickPDFAX0717.dll
[2011/11/15 21:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\tessdata
[2011/11/15 21:31:07 | 002,680,320 | ---- | C] (HiComponents) -- C:\WINDOWS\System32\ImageEnXLibrary.ocx
[2011/11/15 21:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\FreeOCR
[2011/11/15 21:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/11/12 22:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
[2011/11/12 11:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/12 11:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/11 19:05:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2007/08/07 22:24:31 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Administrator\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 01:41:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 01:13:02 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668652611-48300589-1068447701-1008UA.job
[2011/12/07 22:43:40 | 000,001,888 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Default.rdp
[2011/12/07 22:41:18 | 009,345,389 | ---- | M] () -- C:\data BF 12-7-11.zip
[2011/12/07 17:27:34 | 000,002,862 | ---- | M] () -- C:\MINER PURVEYOR LA EI 11-11.csv
[2011/12/07 14:16:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/12/07 13:24:50 | 000,600,169 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FOR GAIL - Depl Import Layout Changes 12-7-11.zip
[2011/12/07 11:59:24 | 000,000,835 | ---- | M] () -- C:\LADERA BEV DIST CO 11-11.zip
[2011/12/07 11:55:22 | 000,046,084 | ---- | M] () -- C:\MAVERICK IL EI ALL 11-11.PDF
[2011/12/07 11:41:32 | 000,095,540 | ---- | M] () -- C:\CLASSIC CO EI ALL 11-11.pdf
[2011/12/07 09:23:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 09:23:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/07 09:21:30 | 000,062,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/12/07 09:21:30 | 000,048,169 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/12/07 09:21:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/12/07 09:21:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/12/07 05:13:13 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668652611-48300589-1068447701-1008Core.job
[2011/12/06 10:46:29 | 001,867,881 | ---- | M] () -- C:\data RC 12-6-11.zip
[2011/12/06 10:29:29 | 004,787,981 | ---- | M] () -- C:\609report-nov2011.pdf
[2011/12/06 10:24:13 | 000,179,791 | ---- | M] () -- C:\SWANSON WINES ULTD LA 11-11 .dat
[2011/12/06 10:18:46 | 000,517,713 | ---- | M] () -- C:\FS MARTIN SCOTT NY 11-11.zip
[2011/12/06 10:12:41 | 000,013,818 | ---- | M] () -- C:\BF CARROLL IL EI 11-11 .pdf
[2011/12/06 09:57:30 | 003,939,283 | ---- | M] () -- C:\data EV 12-6-11.zip
[2011/12/06 05:59:31 | 001,410,192 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\sar_15_sfx.exe
[2011/12/05 22:39:39 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/12/05 22:27:44 | 000,001,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/05 22:27:42 | 000,001,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Dropbox.lnk
[2011/12/05 19:06:50 | 000,010,125 | ---- | M] () -- C:\MINER JMD HI 11-11.zip
[2011/12/05 16:59:26 | 000,001,184 | ---- | M] () -- C:\SHAFER BACCHUS MD EI 11-11.dat
[2011/12/05 16:58:59 | 000,028,571 | ---- | M] () -- C:\SHAFER BACCHUS MD 11-11.dat
[2011/12/05 16:58:25 | 000,005,811 | ---- | M] () -- C:\EV BACCHUS MD 11-11.dat
[2011/12/05 15:09:56 | 000,266,468 | ---- | M] () -- C:\PM DIANE HARDER CA 11-11.CSV
[2011/12/05 11:18:42 | 000,893,765 | ---- | M] () -- C:\MINER WINEBOW NJ 11-11.zip
[2011/12/05 11:10:35 | 000,892,860 | ---- | M] () -- C:\LYN WINEBOW NJ 11-11.zip
[2011/12/05 10:19:02 | 000,003,115 | ---- | M] () -- C:\WH WIRTZ WI 11-11.zip
[2011/12/05 09:36:49 | 000,002,374 | ---- | M] () -- C:\SEG WINEBOW NJ 11-11.zip
[2011/12/05 04:09:02 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.zip
[2011/12/05 03:58:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/12/04 21:12:07 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2011/12/04 20:07:03 | 001,982,215 | ---- | M] () -- C:\data PM 12-4-11.zip
[2011/12/04 14:57:51 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/12/04 13:55:19 | 030,462,368 | ---- | M] () -- C:\data PH 12-4-11.zip
[2011/12/04 11:57:32 | 011,112,784 | ---- | M] () -- C:\data SEG 12-4-11.zip
[2011/12/04 07:57:32 | 000,006,340 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\attach.zip
[2011/12/03 19:33:28 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\remove.bat
[2011/12/03 16:54:18 | 008,598,274 | ---- | M] () -- C:\data BF 12-3-11.zip
[2011/12/03 08:55:52 | 000,497,351 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS ODOM WA 11-11.zip
[2011/12/03 08:55:34 | 000,512,829 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS ODOM OR 11-11.zip
[2011/12/03 08:50:16 | 000,008,478 | ---- | M] () -- C:\FS YOUNGS HI 11-11.zip
[2011/12/03 08:46:55 | 000,006,185 | ---- | M] () -- C:\FS YOUNGS AZ 11-11.zip
[2011/12/03 08:42:44 | 000,002,630 | ---- | M] () -- C:\WIRTZ WI ALL 11-11.zip
[2011/12/02 13:34:46 | 000,145,375 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\maya1.jpg
[2011/12/02 12:15:19 | 008,677,652 | ---- | M] () -- C:\data MINER 12-2-11.zip
[2011/12/02 11:33:29 | 000,010,212 | ---- | M] () -- C:\RC PURE IL 11-11 .zip
[2011/12/02 11:28:15 | 000,001,183 | ---- | M] () -- C:\BF STERLING NE EI 11-11.dat
[2011/12/02 11:13:45 | 000,047,290 | ---- | M] () -- C:\SEG YOUNGS CA 11-11.zip
[2011/12/02 11:13:26 | 000,026,667 | ---- | M] () -- C:\WH YOUNGS CA 11-11.zip
[2011/12/02 10:32:28 | 000,011,410 | ---- | M] () -- C:\NWS ALL 11-11.zip
[2011/12/02 10:30:14 | 001,160,094 | ---- | M] () -- C:\SEG ODOM OR-WA 11-11.zip
[2011/12/02 10:29:55 | 001,149,713 | ---- | M] () -- C:\FS ODOM OR-WA 11-11.zip
[2011/12/02 09:31:52 | 000,021,584 | ---- | M] () -- C:\MINER SIGELS TX 11-11.dat
[2011/12/02 09:31:32 | 000,025,560 | ---- | M] () -- C:\PH SIGELS TX 11-11.dat
[2011/12/02 09:31:12 | 000,007,100 | ---- | M] () -- C:\RC SIGELS TX 11-11.dat
[2011/12/02 09:21:39 | 000,640,643 | ---- | M] () -- C:\RNDC ALL 11-11.ZIP
[2011/12/02 08:53:31 | 000,104,322 | ---- | M] () -- C:\TALLEY VIN SAUVAGE NV EI 11-11.pdf
[2011/12/01 23:39:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/01 14:32:02 | 000,003,824 | ---- | M] () -- C:\BF IMPERIAL MI EI 11-11..CSV
[2011/12/01 14:31:40 | 000,013,816 | ---- | M] () -- C:\BF IMPERIAL MI 11-11.CSV
[2011/12/01 13:21:14 | 005,968,051 | ---- | M] () -- C:\data WH 12-1-11.zip
[2011/12/01 11:26:59 | 004,970,427 | ---- | M] () -- C:\data FS 12-1-11.zip
[2011/12/01 10:05:23 | 003,900,586 | ---- | M] () -- C:\data EV 12-1-11.zip
[2011/12/01 09:46:13 | 000,155,712 | ---- | M] () -- C:\FS HAYDEN ID 11-11.zip
[2011/12/01 09:37:38 | 000,049,439 | ---- | M] () -- C:\WIRTZ NV ALL 11-11.zip
[2011/12/01 09:37:38 | 000,049,439 | ---- | M] () -- C:\WH WIRTZ NV 11-11.zip
[2011/12/01 09:36:26 | 000,272,467 | ---- | M] () -- C:\PH QUALITY MN 11-11.zip
[2011/12/01 09:33:14 | 000,047,800 | ---- | M] () -- C:\EV MS WALKER 11-11.eme_1
[2011/12/01 09:32:39 | 000,004,956 | ---- | M] () -- C:\FS MAJOR MO 11-11.csv
[2011/12/01 09:32:22 | 000,001,509 | ---- | M] () -- C:\FS MAJOR MO EI 11-11.csv
[2011/12/01 09:23:16 | 000,021,292 | ---- | M] () -- C:\PH QUENCH AZ 11-11.csv
[2011/12/01 09:22:32 | 000,015,910 | ---- | M] () -- C:\MINER QUENCH AZ 11-11.csv
[2011/12/01 09:21:54 | 000,022,930 | ---- | M] () -- C:\LADERA QUENCH AZ 11-11.csv
[2011/12/01 09:20:29 | 000,008,437 | ---- | M] () -- C:\MINER QUENCH AZ EI 11-11.pdf
[2011/12/01 09:19:32 | 000,055,517 | ---- | M] () -- C:\FS STD BEV KS 11-11.ZIP
[2011/12/01 09:18:29 | 000,039,942 | ---- | M] () -- C:\LADERA JOHNSON BROS MN 11-11.csv
[2011/12/01 09:17:28 | 000,000,704 | ---- | M] () -- C:\WH WIRTZ IL pt2 11-11.csv
[2011/12/01 09:16:04 | 000,002,792 | ---- | M] () -- C:\WH WIRTZ IL EI pt2 11-11.csv
[2011/12/01 09:13:48 | 000,003,753 | ---- | M] () -- C:\WH WIRTZ IL EI 11-11.csv
[2011/12/01 09:12:51 | 000,019,903 | ---- | M] () -- C:\WH WIRTZ IL 11-11.csv
[2011/12/01 08:42:50 | 000,023,157 | ---- | M] () -- C:\WH OPICI NY 11-11.zip
[2011/12/01 08:39:46 | 000,309,068 | ---- | M] () -- C:\SEG RUBY MA 11-11.CSV
[2011/12/01 08:39:01 | 000,008,018 | ---- | M] () -- C:\SEG RUBY MA EI 11-11 .CSV
[2011/12/01 08:33:28 | 000,045,888 | ---- | M] () -- C:\LADERA RUBY MA 11-11.CSV
[2011/12/01 08:31:24 | 000,008,997 | ---- | M] () -- C:\RC RUBY MA 11-11.CSV
[2011/12/01 08:30:35 | 000,001,536 | ---- | M] () -- C:\FS RNDC NE EI 11-11.csv
[2011/12/01 08:30:17 | 000,001,770 | ---- | M] () -- C:\FS RNDC NE 11-11.csv
[2011/12/01 01:56:49 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 12:09:40 | 000,043,482 | ---- | M] () -- C:\SEG GEN BEV WI 11-11.zip
[2011/11/30 12:04:23 | 000,013,473 | ---- | M] () -- C:\LADERA JOHNSON BROS NV 11-11.csv
[2011/11/30 12:03:59 | 000,013,473 | ---- | M] () -- C:\BF JOHNSON BROS NV 11-11.csv
[2011/11/30 10:25:50 | 008,298,479 | ---- | M] () -- C:\data LE 11-30-11.zip
[2011/11/28 12:56:01 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/25 14:58:10 | 082,326,200 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\5rm678zc.exe
[2011/11/25 14:49:34 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rkill.com
[2011/11/24 12:33:00 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe
[2011/11/23 21:04:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/23 13:11:10 | 000,802,346 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MeyerOutletSale12-11.pdf
[2011/11/22 19:50:35 | 000,001,433 | ---- | M] () -- C:\wirtz_nv_prep.zip
[2011/11/20 21:12:27 | 000,009,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\2419
[2011/11/20 19:20:13 | 000,006,055 | ---- | M] () -- C:\JOHNSON BROS NV 10-11.csv
[2011/11/18 09:53:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/17 19:21:40 | 004,060,534 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\hot diggety dog.zip
[2011/11/15 21:31:10 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeOCR.lnk
[2011/11/15 21:26:16 | 000,058,231 | ---- | M] () -- C:\ribwich1.jpg
[2011/11/15 13:28:50 | 000,000,077 | ---- | M] () -- C:\WINDOWS\mydebug.ini
[2011/11/14 13:46:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/13 22:00:35 | 008,414,432 | ---- | M] () -- C:\data MINER 11-13-11.zip
[2011/11/13 01:16:04 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/11 19:05:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2011/11/11 18:56:21 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2011/11/10 18:42:30 | 000,253,255 | ---- | M] () -- C:\depletionimport 1.10.13.zip
[2011/11/10 14:02:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 13:12:08 | 008,254,626 | ---- | M] () -- C:\data BF 11-10-11.zip
[2011/11/10 07:47:20 | 000,002,025 | ---- | M] () -- C:\tryon_prep.zip
[2011/11/10 06:39:56 | 000,034,087 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/11/10 06:39:44 | 000,002,481 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/11/09 11:43:29 | 000,010,111 | ---- | M] () -- C:\MINER JMD HI 10-11.zip
[2011/11/08 19:37:28 | 003,880,130 | ---- | M] () -- C:\data - 2011-11-08.zip
[2011/11/08 13:18:25 | 004,740,217 | ---- | M] () -- C:\609report-oct2011.pdf
[2011/11/08 09:39:32 | 000,824,317 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS SWS DC-MD 10-11.zip
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Compaq_Administrator\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/07 22:42:07 | 009,345,389 | ---- | C] () -- C:\data BF 12-7-11.zip
[2011/12/07 18:41:21 | 030,462,368 | ---- | C] () -- C:\data PH 12-4-11.zip
[2011/12/07 17:27:34 | 000,002,862 | ---- | C] () -- C:\MINER PURVEYOR LA EI 11-11.csv
[2011/12/07 12:52:50 | 000,600,169 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FOR GAIL - Depl Import Layout Changes 12-7-11.zip
[2011/12/07 11:59:24 | 000,000,835 | ---- | C] () -- C:\LADERA BEV DIST CO 11-11.zip
[2011/12/07 11:55:22 | 000,046,084 | ---- | C] () -- C:\MAVERICK IL EI ALL 11-11.PDF
[2011/12/07 11:41:32 | 000,095,540 | ---- | C] () -- C:\CLASSIC CO EI ALL 11-11.pdf
[2011/12/07 09:21:30 | 000,048,169 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/12/07 09:21:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/12/06 10:46:52 | 001,867,881 | ---- | C] () -- C:\data RC 12-6-11.zip
[2011/12/06 10:29:09 | 004,787,981 | ---- | C] () -- C:\609report-nov2011.pdf
[2011/12/06 10:24:13 | 000,179,791 | ---- | C] () -- C:\SWANSON WINES ULTD LA 11-11 .dat
[2011/12/06 10:17:20 | 000,517,713 | ---- | C] () -- C:\FS MARTIN SCOTT NY 11-11.zip
[2011/12/06 10:12:41 | 000,013,818 | ---- | C] () -- C:\BF CARROLL IL EI 11-11 .pdf
[2011/12/06 09:57:55 | 003,939,283 | ---- | C] () -- C:\data EV 12-6-11.zip
[2011/12/06 05:59:34 | 001,410,192 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\sar_15_sfx.exe
[2011/12/05 19:06:01 | 000,010,125 | ---- | C] () -- C:\MINER JMD HI 11-11.zip
[2011/12/05 16:59:25 | 000,001,184 | ---- | C] () -- C:\SHAFER BACCHUS MD EI 11-11.dat
[2011/12/05 16:58:54 | 000,028,571 | ---- | C] () -- C:\SHAFER BACCHUS MD 11-11.dat
[2011/12/05 16:58:24 | 000,005,811 | ---- | C] () -- C:\EV BACCHUS MD 11-11.dat
[2011/12/05 15:09:55 | 000,266,468 | ---- | C] () -- C:\PM DIANE HARDER CA 11-11.CSV
[2011/12/05 11:17:31 | 000,893,765 | ---- | C] () -- C:\MINER WINEBOW NJ 11-11.zip
[2011/12/05 11:09:25 | 000,892,860 | ---- | C] () -- C:\LYN WINEBOW NJ 11-11.zip
[2011/12/05 10:19:01 | 000,003,115 | ---- | C] () -- C:\WH WIRTZ WI 11-11.zip
[2011/12/05 09:35:52 | 000,002,374 | ---- | C] () -- C:\SEG WINEBOW NJ 11-11.zip
[2011/12/05 04:09:02 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.zip
[2011/12/04 21:12:03 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2011/12/04 20:13:35 | 001,982,215 | ---- | C] () -- C:\data PM 12-4-11.zip
[2011/12/04 15:11:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/12/04 11:58:10 | 011,112,784 | ---- | C] () -- C:\data SEG 12-4-11.zip
[2011/12/04 07:56:52 | 000,006,340 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\attach.zip
[2011/12/03 19:33:28 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\remove.bat
[2011/12/03 16:59:13 | 008,598,274 | ---- | C] () -- C:\data BF 12-3-11.zip
[2011/12/03 08:55:52 | 000,497,351 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS ODOM WA 11-11.zip
[2011/12/03 08:55:34 | 000,512,829 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS ODOM OR 11-11.zip
[2011/12/03 08:50:16 | 000,008,478 | ---- | C] () -- C:\FS YOUNGS HI 11-11.zip
[2011/12/03 08:46:55 | 000,006,185 | ---- | C] () -- C:\FS YOUNGS AZ 11-11.zip
[2011/12/03 08:42:44 | 000,002,630 | ---- | C] () -- C:\WIRTZ WI ALL 11-11.zip
[2011/12/02 13:34:42 | 000,145,375 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\maya1.jpg
[2011/12/02 12:17:00 | 008,677,652 | ---- | C] () -- C:\data MINER 12-2-11.zip
[2011/12/02 11:32:21 | 000,010,212 | ---- | C] () -- C:\RC PURE IL 11-11 .zip
[2011/12/02 11:28:14 | 000,001,183 | ---- | C] () -- C:\BF STERLING NE EI 11-11.dat
[2011/12/02 11:13:40 | 000,047,290 | ---- | C] () -- C:\SEG YOUNGS CA 11-11.zip
[2011/12/02 11:13:26 | 000,026,667 | ---- | C] () -- C:\WH YOUNGS CA 11-11.zip
[2011/12/02 10:32:27 | 000,011,410 | ---- | C] () -- C:\NWS ALL 11-11.zip
[2011/12/02 10:30:13 | 001,160,094 | ---- | C] () -- C:\SEG ODOM OR-WA 11-11.zip
[2011/12/02 10:29:55 | 001,149,713 | ---- | C] () -- C:\FS ODOM OR-WA 11-11.zip
[2011/12/02 09:31:48 | 000,021,584 | ---- | C] () -- C:\MINER SIGELS TX 11-11.dat
[2011/12/02 09:31:31 | 000,025,560 | ---- | C] () -- C:\PH SIGELS TX 11-11.dat
[2011/12/02 09:31:10 | 000,007,100 | ---- | C] () -- C:\RC SIGELS TX 11-11.dat
[2011/12/02 09:21:38 | 000,640,643 | ---- | C] () -- C:\RNDC ALL 11-11.ZIP
[2011/12/02 08:53:30 | 000,104,322 | ---- | C] () -- C:\TALLEY VIN SAUVAGE NV EI 11-11.pdf
[2011/12/01 14:32:02 | 000,003,824 | ---- | C] () -- C:\BF IMPERIAL MI EI 11-11..CSV
[2011/12/01 14:31:40 | 000,013,816 | ---- | C] () -- C:\BF IMPERIAL MI 11-11.CSV
[2011/12/01 13:24:01 | 005,968,051 | ---- | C] () -- C:\data WH 12-1-11.zip
[2011/12/01 11:28:16 | 004,970,427 | ---- | C] () -- C:\data FS 12-1-11.zip
[2011/12/01 10:34:24 | 000,049,439 | ---- | C] () -- C:\WH WIRTZ NV 11-11.zip
[2011/12/01 10:07:16 | 003,900,586 | ---- | C] () -- C:\data EV 12-1-11.zip
[2011/12/01 09:46:13 | 000,155,712 | ---- | C] () -- C:\FS HAYDEN ID 11-11.zip
[2011/12/01 09:37:13 | 000,049,439 | ---- | C] () -- C:\WIRTZ NV ALL 11-11.zip
[2011/12/01 09:35:55 | 000,272,467 | ---- | C] () -- C:\PH QUALITY MN 11-11.zip
[2011/12/01 09:33:14 | 000,047,800 | ---- | C] () -- C:\EV MS WALKER 11-11.eme_1
[2011/12/01 09:32:22 | 000,001,509 | ---- | C] () -- C:\FS MAJOR MO EI 11-11.csv
[2011/12/01 09:31:41 | 000,004,956 | ---- | C] () -- C:\FS MAJOR MO 11-11.csv
[2011/12/01 09:23:16 | 000,021,292 | ---- | C] () -- C:\PH QUENCH AZ 11-11.csv
[2011/12/01 09:22:32 | 000,015,910 | ---- | C] () -- C:\MINER QUENCH AZ 11-11.csv
[2011/12/01 09:21:54 | 000,022,930 | ---- | C] () -- C:\LADERA QUENCH AZ 11-11.csv
[2011/12/01 09:20:29 | 000,008,437 | ---- | C] () -- C:\MINER QUENCH AZ EI 11-11.pdf
[2011/12/01 09:19:32 | 000,055,517 | ---- | C] () -- C:\FS STD BEV KS 11-11.ZIP
[2011/12/01 09:18:25 | 000,039,942 | ---- | C] () -- C:\LADERA JOHNSON BROS MN 11-11.csv
[2011/12/01 09:17:28 | 000,000,704 | ---- | C] () -- C:\WH WIRTZ IL pt2 11-11.csv
[2011/12/01 09:16:04 | 000,002,792 | ---- | C] () -- C:\WH WIRTZ IL EI pt2 11-11.csv
[2011/12/01 09:13:46 | 000,003,753 | ---- | C] () -- C:\WH WIRTZ IL EI 11-11.csv
[2011/12/01 09:12:51 | 000,019,903 | ---- | C] () -- C:\WH WIRTZ IL 11-11.csv
[2011/12/01 08:42:02 | 000,023,157 | ---- | C] () -- C:\WH OPICI NY 11-11.zip
[2011/12/01 08:39:46 | 000,309,068 | ---- | C] () -- C:\SEG RUBY MA 11-11.CSV
[2011/12/01 08:39:00 | 000,008,018 | ---- | C] () -- C:\SEG RUBY MA EI 11-11 .CSV
[2011/12/01 08:33:26 | 000,045,888 | ---- | C] () -- C:\LADERA RUBY MA 11-11.CSV
[2011/12/01 08:31:24 | 000,008,997 | ---- | C] () -- C:\RC RUBY MA 11-11.CSV
[2011/12/01 08:30:35 | 000,001,536 | ---- | C] () -- C:\FS RNDC NE EI 11-11.csv
[2011/12/01 08:30:17 | 000,001,770 | ---- | C] () -- C:\FS RNDC NE 11-11.csv
[2011/11/30 12:09:40 | 000,043,482 | ---- | C] () -- C:\SEG GEN BEV WI 11-11.zip
[2011/11/30 12:04:23 | 000,013,473 | ---- | C] () -- C:\LADERA JOHNSON BROS NV 11-11.csv
[2011/11/30 12:03:58 | 000,013,473 | ---- | C] () -- C:\BF JOHNSON BROS NV 11-11.csv
[2011/11/30 10:26:44 | 008,298,479 | ---- | C] () -- C:\data LE 11-30-11.zip
[2011/11/29 13:16:31 | 008,254,626 | ---- | C] () -- C:\data BF 11-10-11.zip
[2011/11/29 12:48:49 | 008,414,432 | ---- | C] () -- C:\data MINER 11-13-11.zip
[2011/11/29 12:47:24 | 000,010,111 | ---- | C] () -- C:\MINER JMD HI 10-11.zip
[2011/11/29 12:40:13 | 000,002,646 | ---- | C] () -- C:\trade_pulse_prep.prg
[2011/11/28 12:56:01 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/25 14:53:37 | 082,326,200 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\5rm678zc.exe
[2011/11/25 14:49:35 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\rkill.com
[2011/11/23 13:11:06 | 000,802,346 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MeyerOutletSale12-11.pdf
[2011/11/22 19:51:07 | 000,001,433 | ---- | C] () -- C:\wirtz_nv_prep.zip
[2011/11/20 21:12:27 | 000,009,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\2419
[2011/11/20 19:20:12 | 000,006,055 | ---- | C] () -- C:\JOHNSON BROS NV 10-11.csv
[2011/11/17 19:21:36 | 004,060,534 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\hot diggety dog.zip
[2011/11/15 21:31:10 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeOCR.lnk
[2011/11/15 21:30:56 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/11/15 21:26:09 | 000,058,231 | ---- | C] () -- C:\ribwich1.jpg
[2011/11/14 14:14:52 | 003,880,130 | ---- | C] () -- C:\data - 2011-11-08.zip
[2011/11/14 14:14:25 | 003,808,463 | ---- | C] () -- C:\data - 2011-10-28.zip
[2011/11/13 01:16:02 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/13 01:16:01 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/11 18:56:24 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2011/11/10 18:42:29 | 000,253,255 | ---- | C] () -- C:\depletionimport 1.10.13.zip
[2011/11/10 07:47:20 | 000,002,025 | ---- | C] () -- C:\tryon_prep.zip
[2011/11/10 06:39:58 | 000,034,087 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/11/08 13:18:12 | 004,740,217 | ---- | C] () -- C:\609report-oct2011.pdf
[2011/11/08 09:38:03 | 000,824,317 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\FS SWS DC-MD 10-11.zip
[2011/07/12 19:48:43 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/22 16:15:40 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/03/14 09:52:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\rgbacodec.dll
[2011/03/01 04:12:41 | 006,842,088 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/03/01 04:12:41 | 000,017,836 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/09/28 18:03:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/28 18:03:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/28 18:03:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/28 18:03:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/28 18:03:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/03 18:10:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/02 19:11:14 | 000,023,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\ppsio2.sys
[2010/05/15 06:41:27 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/15 11:30:36 | 000,000,060 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/12/31 10:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2009/11/20 06:52:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 22:29:59 | 000,094,016 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/14 07:28:10 | 000,505,920 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/06/20 13:34:16 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/15 08:01:20 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/04/10 16:04:56 | 000,008,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/12/24 17:35:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/12 20:40:07 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/28 14:30:08 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/02/07 07:32:19 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/07 07:32:18 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/04 23:57:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/02/02 00:08:25 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2008/02/02 00:08:25 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2008/02/02 00:08:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2008/01/28 17:20:43 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2008/01/28 17:20:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2008/01/28 17:20:33 | 000,000,126 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/01/15 14:33:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/01/06 21:03:50 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/10/26 13:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 13:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/21 10:05:14 | 000,000,723 | ---- | C] () -- C:\WINDOWS\fnerr.dat
[2007/09/28 20:22:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/09/28 20:21:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/13 10:51:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/08/13 10:51:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/08/07 23:30:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2007/08/07 22:21:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/07 17:54:56 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2007/08/02 15:12:28 | 000,131,072 | ---- | C] () -- C:\WINDOWS\gswin32c.exe
[2007/08/02 14:56:39 | 000,139,264 | ---- | C] () -- C:\WINDOWS\gswin32.exe
[2007/08/02 14:53:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/07/19 13:13:53 | 000,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2007/04/26 21:20:01 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2006/12/07 09:27:39 | 000,010,697 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/16 07:03:46 | 000,000,077 | ---- | C] () -- C:\WINDOWS\mydebug.ini
[2006/10/03 08:50:39 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006/07/25 16:25:17 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/24 19:40:48 | 000,000,286 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2006/07/21 21:38:26 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2006/07/18 22:30:47 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2006/07/18 17:44:03 | 000,108,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/12 12:25:36 | 000,001,159 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/07/06 22:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/06 22:59:41 | 000,005,403 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/13 05:54:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/13 05:33:17 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/13 05:29:23 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/03/13 05:28:43 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/03/13 05:28:43 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/03/13 05:28:36 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/13 05:28:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/13 05:26:15 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/13 05:24:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/13 05:15:37 | 000,002,481 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/13 05:14:17 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/13 05:14:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/13 05:09:20 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/13 05:08:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/13 05:04:43 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/13 05:03:09 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/13 04:44:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/13 04:44:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/13 04:44:37 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 13:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 20:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 20:07:46 | 000,443,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 20:07:46 | 000,072,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 20:05:30 | 001,712,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 20:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 19:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 06:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/30 14:14:02 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\hh32.exe
[2001/08/23 07:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000/12/03 20:45:58 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\hh40.exe

========== LOP Check ==========

[2006/08/15 11:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\allTunes
[2011/11/14 13:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/07 09:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitMeterOS
[2011/09/16 01:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2006/03/13 05:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/08/04 11:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2007/05/04 12:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/02/01 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensis
[2006/08/29 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/12/08 01:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/06/03 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2007/09/20 20:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/01 21:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/09/04 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/15 21:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2007/01/20 00:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/26 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WidgetServer
[2010/07/19 23:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/15 03:48:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/17 22:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/07/12 12:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\4200Series
[2010/09/28 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ahash
[2006/08/15 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\allTunes
[2006/11/16 09:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Allume Systems
[2010/01/10 21:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Artisteer
[2010/05/23 13:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\authorPOINT
[2009/02/19 10:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\avidemux
[2008/01/26 13:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2009/01/26 14:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Blender Foundation
[2009/03/22 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Broad Intelligence
[2011/03/16 19:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\dBpoweramp
[2010/08/22 10:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digiarty
[2010/09/28 17:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DNA
[2011/12/07 22:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox
[2006/10/16 07:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\eFax Messenger
[2010/09/01 18:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Egnyu
[2009/02/01 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Extensis
[2010/07/24 22:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FileZilla
[2007/08/10 19:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Flickr
[2008/01/15 23:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\gtk-2.0
[2010/07/15 08:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HandBrake
[2007/11/09 11:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Helios
[2006/08/29 09:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HotSync
[2008/08/14 20:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ImgBurn
[2006/07/19 23:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2007/08/13 10:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterTrust
[2009/02/01 02:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IObit
[2008/01/15 23:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\KompoZer
[2006/07/07 13:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/10/14 18:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LibreOffice
[2006/08/26 14:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MonkeyJam
[2007/04/06 22:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Notepad++
[2008/01/21 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Nvu
[2009/03/22 21:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org
[2007/05/12 17:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2009/06/03 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PKWARE
[2010/09/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Pugyi
[2010/12/25 12:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Seagate
[2010/01/21 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Smilebox
[2006/10/11 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Snapfish
[2011/09/29 19:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Spotify
[2010/05/26 13:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TeamViewer
[2008/01/17 23:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Thunderbird
[2010/02/18 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/11/13 12:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2007/08/13 21:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\VSRevoGroup
[2007/07/09 20:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2009/01/26 04:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ZScreen

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 12/8/2011 1:16:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 77.92% Memory free
3.19 Gb Paging File | 2.59 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.95 Gb Total Space | 102.13 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.55 Gb Free Space | 7.00% Space Free | Partition Type: FAT32
Drive K: | 465.76 Gb Total Space | 250.60 Gb Free Space | 53.80% Space Free | Partition Type: NTFS
Drive L: | 7.36 Gb Total Space | 3.52 Gb Free Space | 47.89% Space Free | Partition Type: FAT32

Computer Name: DAVE | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "c:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"9420:TCP" = 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP" = 5000:UDP:*:Disabled:Red Swoosh
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"67:UDP" = 67:UDP:*:Enabled:Shafer1
"68:UDP" = 68:UDP:*:Enabled:Shafer 2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\kbdlt32.exe" = C:\WINDOWS\system32\kbdlt32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\kbdlt32.exe" = C:\WINDOWS\system32\kbdlt32.exe:*:Enabled:Windows Update Service
"C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)
"C:\Documents and Settings\Compaq_Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Disabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Disabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- ()
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D319C1D-C857-4AD1-9F37-7F9A33726683}" = Torrent Episode Downloader
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{512681B9-18C1-4D72-9701-AF050A2C5A77}" = Ab3d.Reader3ds
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B20F786-D75F-45ED-B98D-CA8DBEE3F5D9}" = SonicWALL Global VPN Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A760067A-C07E-1033-0000-A764AC000007}" = Avery Template - U_0332_01_L
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DA9C11-9488-5882-2087-33EC06344A76}" = TweetDeck
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D59641D1-A1C0-42DF-A93A-B3D171A019E8}" = Microsoft Office PowerPoint 2007 Step by Step
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DAF4FF77-9DB2-4109-AA2B-6871B5734F42}" = DeVineware
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"a-squared Free_is1" = a-squared Free 3.0
"ATI Display Driver" = ATI Display Driver
"AtomTime Pro_is1" = AtomTime Pro 3.1d
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVI to MPEG Converter" = AVI to MPEG Converter
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitMeterOS" = BitMeter OS
"Blender" = Blender (remove only)
"Comical_is1" = Comical 0.8
"COOLjsMenu Standard" = COOLjsMenu Standard 2.9.4
"Corel Uninstaller" = Corel Uninstaller
"CorelDRAW 10" = CorelDRAW 10
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DISCover" = HP Games 3.43.97
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.90
"eTrust Suite Personal" = CA Internet Security Suite
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"FileZilla Client" = FileZilla Client 3.3.3
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"Handbrake" = Handbrake 0.9.4
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.45.1
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaCoder" = MediaCoder 0.7.0-rc2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mint4win" = Linux_Mint_Main
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OneTouch Version 3.0" = OneTouch Version 3.0
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PDF Ripper_is1" = PDF Ripper 2.01
"PeerGuardian_is1" = PeerGuardian 2.0
"Prism" = Prism Video Converter
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.30
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"TaxACT 2008" = TaxACT 2008
"TaxACT 2009" = TaxACT 2009
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WampServer 2_is1" = WampServer 2.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZScreen" = ZScreen 1.3.3.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe QuarkXPress Converter 3.0" = Adobe QuarkXPress Converter 3.0
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Smilebox" = Hallmark Smilebox
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2011 2:56:17 PM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/1/2011 6:02:46 AM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/1/2011 6:58:44 AM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/3/2011 11:55:27 PM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/4/2011 6:39:19 AM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/4/2011 7:56:27 PM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/5/2011 8:47:38 AM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/5/2011 4:13:35 PM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/7/2011 1:48:51 AM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 12/7/2011 1:27:01 PM | Computer Name = DAVE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

[ System Events ]
Error - 12/7/2011 2:30:50 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.75 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:36:00 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:41:10 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:42:37 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:47:47 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:47:47 PM | Computer Name = DAVE | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is DEVINE1.

Error - 12/7/2011 2:52:57 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 2:58:07 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 3:03:17 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.

Error - 12/7/2011 3:08:27 PM | Computer Name = DAVE | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.2.84. The machine with the IP address 192.168.2.84 did not
allow the name to be claimed by this machine.


< End of report >

#15 nasdaq

  • Malware Response Team

Posted 08 December 2011 - 11:46 AM

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/02 08:36:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\S3 2419;2419;c:\windows\system32\drivers\2419\extensions\{06adb500-bfaf-427c-8ddd-82f5fd4c73c6}
    [2011/07/10 09:12:26 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{22feec3e-7ae6-49b5-8134-bd8ebb1fdb67}
    [2011/06/29 23:48:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{33c4fc1f-bcdd-43bf-b42c-33dcdda2717d}
    [2011/06/13 23:22:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{3717e268-b0ab-424c-9cb7-ce7b9fca8ecb}
    [2011/06/10 21:29:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{59c17185-8e51-40ef-8202-c79c1c0f1e6d}
    [2011/07/12 18:06:58 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{5a2b194b-b45e-494b-9fe3-a255a9ade04f}
    [2011/07/01 20:03:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{5ff951bd-afb8-4fc1-9edf-ce0a79740c1d}
    [2011/07/04 05:04:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{7628b872-f925-42b7-8061-52230dd59afb}
    [2011/06/30 20:15:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{84f58e38-e8bc-495b-88eb-e5c77506e6b2}
    [2011/07/04 03:01:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{8f714f53-5c71-4af6-a58d-ee43e34f4661}
    [2011/06/13 21:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{95f32654-81f5-45f7-ac48-c2d5c4fce065}
    [2011/07/09 05:10:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{a46292d5-b5e9-4036-a515-ecd0b790038c}
    [2011/06/15 03:24:37 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{aac8d9e9-4b2c-4526-9192-2ae8c39e9295}
    [2011/07/06 06:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{d69ff09f-c56a-4c37-9bb5-0a2013a07a26}
    [2011/07/07 06:05:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{e9f5d825-fa95-4cac-81a5-512e2690894e}
    [2011/07/05 21:28:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\flrt11wp.default\extensions\{f2dbfd06-b9a3-43ac-9222-d43c2a602b38}
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CC 2C D9 01 1E 28 AC 4E B1 68 BB 2A 49 20 70 54 [binary data]
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please post the log and let me know what problem persists.



