I'm having the same problem: Trojan-Clicker.Win32.Tiny.h/Trojan-Sp
jstchlln
post Sep 5 2008, 08:27 PM
Post #1


Member
Posts: 21
From: Colorado
OS: XP



Thank you for the help your forums offer.

It appears that I am also infected with Trojan-Clicker.Win32.Tiny.h/Trojan-Spy.HTML.Bankfraud.dq/Trojan-Spy.Wi.
I have a pop-up that reads "Windows Security Alert | To help your computer, Windows Firewall has detected activity of harmful software. | Do you want to block this software from sending data over the Internet? | ..." I click enable protection, and am taken to a website for Smartsoft Reviews.

Have run the malware remover from the "to do before" list.

I tried to run the RSIT, but it freezes in "Performing Registry Dump" mode. Then the error message "AutoIt Error | Line -1 | Error: Recursion level has been exceeded - AutoIt will quit to prevent stack overflow."

What does this error mean, and what do I need to be able to run the program?

Thanks for the help.

Jstchlln

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:10 PM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\qvsbilwv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\qvsbilwv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.espn.go.com/frontpage/football
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uicmd] C:\WINDOWS\system32\qvsbilwv.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD Architectural 2\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD Architectural 2\AcPreview.ocx
O23 - Service: McAfee Application Installer Cleanup (0065001220531449) (0065001220531449mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\006500~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 15493 bytes
fenzodahl512
post Sep 6 2008, 01:19 AM
Post #2


Trusted Helper
Posts: 4,446
OS: Windows XP



Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.
jstchlln
post Sep 6 2008, 06:13 AM
Post #3


Member
Posts: 21
From: Colorado
OS: XP



Great to meet you fenzodahl512. Thank you for your help.

I had found a thread last night that suggested running combo-fix, so I have run that also. Issue persists.

OTViewIt logfile created on: 9/6/2008 6:15:11 AM - Run 2
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\Jason Phillips\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 437.35 Mb Available Physical Memory | 43.13% Memory free
2.39 Gb Paging File | 1.86 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.80 Gb Total Space | 19.45 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON
Current User Name: Jason Phillips
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[01/17/2005 06:38 PM | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[08/28/2004 02:33 AM | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) - C:\WINDOWS\system32\DVDRAMSV.exe
[03/31/2003 04:34 PM | 00,282,684 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\KodakCCS.exe
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe
[12/20/2005 01:22 PM | 00,035,328 | ---- | M] (TOSHIBA Corp.) - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
[05/16/2008 06:11 AM | 00,648,504 | ---- | M] (Pure Networks, Inc.) - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[11/30/2005 02:25 PM | 00,073,728 | ---- | M] (TOSHIBA Corporation) - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[05/31/2005 11:00 PM | 00,282,624 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\TPSMain.exe
[01/05/2006 04:02 PM | 00,352,256 | ---- | M] (TOSHIBA) - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
[08/16/2005 01:23 PM | 00,188,416 | ---- | M] (TOSHIBA Corporation) - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[05/31/2005 10:59 PM | 00,045,056 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\TPSBattM.exe
[12/16/2005 02:32 AM | 00,761,945 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[12/16/2005 02:21 AM | 00,151,552 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\Toshiba.exe
[04/26/2005 06:13 PM | 00,122,880 | ---- | M] (TOSHIBA Corporation) - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[06/28/2004 11:29 PM | 00,032,768 | ---- | M] (Cyberlink Corp.) - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[03/17/2005 07:37 PM | 00,151,552 | ---- | M] (TOSHIBA Corporation) - C:\TOSHIBA\IVP\ISM\pinger.exe
[11/02/2005 06:41 PM | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
[01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
[08/18/2004 05:37 AM | 00,184,320 | ---- | M] (Agere Systems) - C:\Program Files\ltmoh\ltmoh.exe
[11/17/2005 05:44 PM | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
[10/15/2005 08:29 AM | 00,088,203 | ---- | M] (Agere Systems) - C:\WINDOWS\agrsmmsg.exe
[05/21/2008 05:26 PM | 00,451,896 | ---- | M] (Pure Networks, Inc.) - C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[12/30/2004 02:32 AM | 00,065,536 | ---- | M] (TOSHIBA) - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[09/03/2008 02:07 PM | 00,098,304 | ---- | M] () - C:\WINDOWS\system32\qvsbilwv.exe
[02/07/2007 02:10 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

===== Win32 Services - Non-Microsoft Only =====

(0065001220531449mcinstcleanup) McAfee Application Installer Cleanup (0065001220531449) [Auto | Stopped]
File not found - C:\WINDOWS\TEMP\006500~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini

(CFSvcs) ConfigFree Service [Auto | Running]
[01/17/2005 06:38 PM | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(DVD-RAM_Service) DVD-RAM_Service [Auto | Running]
[08/28/2004 02:33 AM | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) - C:\WINDOWS\system32\DVDRAMSV.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running]
[02/07/2007 02:10 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(KodakCCS) Kodak Camera Connection Software [Auto | Running]
[03/31/2003 04:34 PM | 00,282,684 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\KodakCCS.exe

(MBackMonitor) MBackMonitor [Auto | Running]
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe

(nmraapache) Pure Networks Net2Go Service [On_Demand | Stopped]
[05/21/2008 05:25 PM | 00,012,800 | ---- | M] (Pure Networks, Inc.) - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

(nmservice) Pure Networks Platform Service [Auto | Running]
[05/16/2008 06:11 AM | 00,648,504 | ---- | M] (Pure Networks, Inc.) - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

(ScsiAccess) ScsiAccess [Disabled | Stopped]
[02/04/2003 09:22 AM | 00,181,312 | ---- | M] () - C:\WINDOWS\system32\ScsiAccess.EXE

(Swupdtmr) Swupdtmr [Disabled | Stopped]
[07/12/2005 07:14 PM | 00,040,960 | ---- | M] () - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

(TAPPSRV) TOSHIBA Application Service [Auto | Running]
[12/20/2005 01:22 PM | 00,035,328 | ---- | M] (TOSHIBA Corp.) - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

===== Driver Services - Non-Microsoft Only =====

(AgereSoftModem) TOSHIBA V92 Software Modem [On_Demand | Running]
[11/15/2005 11:00 AM | 01,122,656 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(DcCam) Kodak Camera Proxy [System | Running]
[03/31/2003 04:34 PM | 00,036,730 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\DcCam.sys

(DcFpoint) DcFpoint [On_Demand | Stopped]
[03/31/2003 04:34 PM | 00,061,568 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\DcFpoint.sys

(DCFS2K) Kodak DCFS2K Driver [Auto | Running]
[02/21/2003 01:57 PM | 00,037,941 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\DCFS2k.sys

(DcLps) Legacy Polling Service [On_Demand | Stopped]
[03/31/2003 04:34 PM | 00,008,058 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\DcLps.sys

(DcPTP) DcPTP [On_Demand | Stopped]
[03/31/2003 04:34 PM | 00,061,114 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\DcPtp.sys

(Exportit) Exportit [System | Stopped]
[03/31/2003 04:34 PM | 00,134,421 | ---- | M] (Eastman Kodak Company) - C:\WINDOWS\system32\drivers\ExportIt.sys

(grmnusb) grmnusb [On_Demand | Stopped]
[09/23/2003 08:42 AM | 00,007,296 | ---- | M] (GARMIN Corp.) - C:\WINDOWS\system32\drivers\grmnusb.sys

(IO_Memory) IO_Memory [On_Demand | Stopped]
File not found - c:\sysprep\Drivers\ioport.sys

(Iviaspi) IVI ASPI Shell [On_Demand | Running]
[09/11/2003 01:36 AM | 00,021,060 | ---- | M] (InterVideo, Inc.) - C:\WINDOWS\system32\drivers\iviaspi.sys

(KR10N) KR10N [Boot | Running]
[01/12/2005 02:05 AM | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) - C:\WINDOWS\system32\drivers\KR10N.sys

(meiudf) meiudf [System | Running]
[06/02/2005 05:33 AM | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) - C:\WINDOWS\system32\drivers\meiudf.sys

(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Auto | Running]
[01/29/2003 04:35 PM | 00,012,032 | ---- | M] (TOSHIBA Corporation.) - C:\WINDOWS\system32\drivers\Netdevio.sys

(pnarp) Pure Networks Device Discovery Driver [Auto | Running]
[05/16/2008 06:10 AM | 00,023,992 | ---- | M] (Pure Networks, Inc.) - C:\WINDOWS\system32\drivers\pnarp.sys

(purendis) Pure Networks Wireless Driver [Auto | Running]
[05/16/2008 06:10 AM | 00,025,272 | ---- | M] (Pure Networks, Inc.) - C:\WINDOWS\system32\drivers\purendis.sys

(RimSerPort) RIM Virtual Serial Port [On_Demand | Stopped]
[06/30/2006 05:10 PM | 00,026,752 | R--- | M] (Research in Motion Ltd) - C:\WINDOWS\system32\drivers\RimSerial.sys

(RimVSerPort) RIM Virtual Serial Port v2 [On_Demand | Running]
[06/30/2006 05:10 PM | 00,026,752 | R--- | M] (Research in Motion Ltd) - C:\WINDOWS\system32\drivers\RimSerial.sys

(SDTHOOK) SDTHOOK [On_Demand | Stopped]
[06/05/2007 11:56 AM | 00,044,928 | ---- | M] (Panda Software) - C:\WINDOWS\system32\drivers\SDTHOOK.SYS

(SVRPEDRV) SVRPEDRV [On_Demand | Stopped]
File not found - C:\SYSPREP\PEDrv.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[12/16/2005 02:15 AM | 00,191,936 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tbiosdrv) Toshiba Logical Tbios Device [On_Demand | Running]
[08/24/2005 05:20 PM | 00,009,472 | ---- | M] () - C:\WINDOWS\system32\drivers\tbiosdrv.sys

(TcUsb) TC USB Kernel Driver [On_Demand | Stopped]
[11/25/2005 04:38 AM | 00,028,800 | ---- | M] (UPEK Inc.) - C:\WINDOWS\system32\drivers\tcusb.sys

(tifm21) tifm21 [On_Demand | Running]
[11/30/2005 12:12 PM | 00,162,560 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(tosrfec) Bluetooth ACPI from TOSHIBA [On_Demand | Stopped]
[09/09/2005 04:47 PM | 00,009,344 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\tosrfec.sys

(TVALD) Toshiba Mobile PC Service [On_Demand | Running]
[10/20/2005 04:03 PM | 00,006,144 | ---- | M] (Toshiba Corporation) - C:\WINDOWS\system32\drivers\NBSMI.sys

(Tvs) TOSHIBA Virtual Sound with SRS technologies [On_Demand | Running]
[11/30/2005 01:01 PM | 00,043,392 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\Tvs.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 08:54 PM | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"AGRSMMSG" = AGRSMMSG.exe [10/15/2005 08:29 AM | 00,088,203 | ---- | M] (Agere Systems)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"CFSServ.exe" = CFSServ.exe -NoClient File not found
"dla" = C:\WINDOWS\system32\dla\DLACTRLW.exe [10/06/2005 07:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"HP Software Update" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [03/11/2007 10:34 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [11/27/2005 11:52 PM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [11/27/2005 11:55 PM | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [11/27/2005 11:55 PM | 00,098,304 | ---- | M] (Intel Corporation)
"IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [11/28/2005 01:41 PM | 00,602,182 | ---- | M] (Intel Corporation)
"IntelZeroConfig" = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 02:37 PM | 00,667,718 | ---- | M] (Intel Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"LtMoh" = C:\Program Files\ltmoh\Ltmoh.exe [08/18/2004 05:37 AM | 00,184,320 | ---- | M] (Agere Systems)
"MBkLogOnHook" = C:\Program Files\McAfee\MBK\LogOnHook.exe [01/08/2007 12:22 PM | 00,020,480 | ---- | M] (McAfee)
"McAfee Backup" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [08/03/2007 11:33 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"McENUI" = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide [11/30/2007 05:42 AM | 01,164,576 | ---- | M] (McAfee, Inc.)
"NDSTray.exe" = NDSTray.exe File not found
"nmapp" = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [05/21/2008 05:26 PM | 00,451,896 | ---- | M] (Pure Networks, Inc.)
"nmctxth" = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [05/16/2008 06:11 AM | 00,648,504 | ---- | M] (Pure Networks, Inc.)
"PadTouch" = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe File not found
"Pinger" = c:\toshiba\ivp\ism\pinger.exe /run [03/17/2005 07:37 PM | 00,151,552 | ---- | M] (TOSHIBA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [06/28/2004 11:29 PM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SiteAdvisor" = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe File not found
"SmoothView" = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [04/26/2005 06:13 PM | 00,122,880 | ---- | M] (TOSHIBA Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [12/16/2005 02:32 AM | 00,761,945 | ---- | M] (Synaptics, Inc.)
"SynTPLpr" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [12/16/2005 02:34 AM | 00,082,009 | ---- | M] (Synaptics, Inc.)
"TDispVol" = TDispVol.exe [03/11/2005 05:03 PM | 00,073,728 | ---- | M] (TOSHIBA Corporation)
"TFncKy" = TFncKy.exe File not found
"THotkey" = C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [01/05/2006 04:02 PM | 00,352,256 | ---- | M] (TOSHIBA)
"TPSMain" = TPSMain.exe [05/31/2005 11:00 PM | 00,282,624 | ---- | M] (TOSHIBA Corporation)
"Tvs" = C:\Program Files\Toshiba\Tvs\TvsTray.exe [11/30/2005 02:25 PM | 00,073,728 | ---- | M] (TOSHIBA Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
"" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor" = "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [04/02/2006 09:07 PM | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/16/2008 09:00 PM | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [12/30/2004 02:32 AM | 00,065,536 | ---- | M] (TOSHIBA)
"uicmd" = C:\WINDOWS\system32\qvsbilwv.exe [09/03/2008 02:07 PM | 00,098,304 | ---- | M] ()
"updateMgr" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 [03/30/2006 05:45 PM | 00,313,472 | ---- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3915128730-3176523446-510038680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor" = "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [04/02/2006 09:07 PM | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/16/2008 09:00 PM | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [12/30/2004 02:32 AM | 00,065,536 | ---- | M] (TOSHIBA)
"uicmd" = C:\WINDOWS\system32\qvsbilwv.exe [09/03/2008 02:07 PM | 00,098,304 | ---- | M] ()
"updateMgr" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 [03/30/2006 05:45 PM | 00,313,472 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-3915128730-3176523446-510038680-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/24/2005 12:05 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[Jason Phillips Startup Folder - C:\Documents and Settings\Jason Phillips\Start Menu\Programs\Startup]
[10/20/2005 12:04 PM | 00,038,912 | ---- | M] () - C:\Documents and Settings\Jason Phillips\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

[Jennifer Diaz Startup Folder - C:\Documents and Settings\Jennifer Diaz\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
HKLM CLSID: (McAfee Phishing Filter) - [11/26/2007 10:46 AM | 00,324,936 | ---- | M] () c:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [10/24/2007 06:51 AM | 00,058,688 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\scriptsn.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [05/10/2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [07/05/2008 08:27 PM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"
HKLM CLSID: (McAfee SiteAdvisor) - [05/16/2008 10:49 AM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-3915128730-3176523446-510038680-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe
>Explorer.exe - [06/13/2007 04:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [08/10/2004 06:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [08/10/2004 06:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [10/25/2007 09:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [08/10/2004 06:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [11/27/2005 11:51 PM | 00,135,168 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"DisableTaskMgr" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-3915128730-3176523446-510038680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-3915128730-3176523446-510038680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"DisableTaskMgr" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk File not found
"backup" = C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [03/11/2007 10:26 PM | 00,210,520 | ---- | M] (Hewlett-Packard Co.)
"item" = HP Digital Imaging Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [04/09/2003 07:56 AM | 00,598,150 | ---- | M] (Eastman Kodak Company)
"item" = Kodak EasyShare software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk File not found
"backup" = C:\WINDOWS\pss\KODAK Software Updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [03/13/2002 06:08 AM | 00,016,384 | ---- | M] ()
"item" = KODAK Software Updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 02:01 AM | 00,083,360 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk File not found
"backup" = C:\WINDOWS\pss\QuickBooks Update Agent.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [01/10/2007 04:16 PM | 00,815,104 | ---- | M] (Intuit, Inc.)
"item" = QuickBooks Update Agent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk File not found
"backup" = C:\WINDOWS\pss\RAMASST.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\system32\RAMASST.exe [08/28/2004 02:37 AM | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
"item" = C:\WINDOWS\system32\RAMASST.exe [08/28/2004 02:37 AM | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Jason Phillips^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"path" = C:\Documents and Settings\Jason Phillips\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnk File not found
"location" = Startup
"command" = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [04/19/2007 01:49 PM | 00,064,864 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office OneNote 2003 Quick Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 10:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NapsterShell]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = napster
"hkey" = HKLM
"command" = C:\Program Files\Napster\napster.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SUPERAntiSpyware
"hkey" = HKCU
"command" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleToolbarNotifier
"hkey" = HKCU
"command" = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 2
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[12/30/2006 07:21 AM | 00,000,047 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36611836-e2d6-11da-a8d2-00a0d1df16a1}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a89e57c-abd4-11db-b3d1-0018de16ef85}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef3ae2-9b33-11db-b3bc-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50a7f842-a089-11da-922b-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636fb582-5cdf-11dc-b435-0018de16ef85}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9618665b-9806-11db-b3ac-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9618665c-9806-11db-b3ac-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aded77ae-a99f-11dc-b460-00a0d152cf6f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6372e8-453b-11dc-b42e-0018de16ef85}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c58595-9a93-11db-b3ba-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c58596-9a93-11db-b3ba-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faeb9ba0-b421-11dc-b464-0018de16ef85}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc67a867-bef6-11dc-b466-0018de16ef85}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{378510B8-4A4E-4C2F-9BFF-A23305D456D9}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{514F7694-DB89-49CB-8FC3-B72513274A33}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D82892A0-EC0E-4DBC-9EA5-BF7F0AFE5F3D}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EB1CE7D7-867A-4652-86EE-1C0AC0ECFC5F}]
Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FD09C546-52AC-4BB4-9230-7F957BE83EB8}]
Servers: | Description: Intel® PRO/1000 PL Network Connection

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 90 days ==========

[07/13/2008 10:30 PM | ---D | C] - C:\spoolerlogs
[09/05/2008 01:33 PM | -HSD | C] - C:\Config.Msi
[09/05/2008 06:48 AM | ---D | C] - C:\rsit
[09/05/2008 06:52 AM | ---D | C] - C:\SDFix
[09/05/2008 08:40 PM | ---D | C] - C:\QooBox
[09/05/2008 01:33 PM | 00,025,272 | ---- | C] (Pure Networks, Inc.) - C:\WINDOWS\System32\drivers\purendis.sys
[09/05/2008 01:34 PM | 00,023,992 | ---- | C] (Pure Networks, Inc.) - C:\WINDOWS\System32\drivers\pnarp.sys
[1 C:\WINDOWS\System32\*.tmp files]
[06/17/2008 12:07 PM | ---D | C] - C:\WINDOWS\System32\IOSUBSYS
[07/18/2008 12:35 PM | 00,208,976 | ---- | C] () - C:\WINDOWS\System32\DNLEng.dll
[09/01/2008 08:05 AM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[09/03/2008 02:07 PM | 00,098,304 | ---- | C] () - C:\WINDOWS\System32\qvsbilwv.exe
[07/15/2008 05:47 PM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[07/15/2008 05:47 PM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[07/18/2008 12:35 PM | 00,000,026 | ---- | C] () - C:\WINDOWS\dbrmdwb.bat
[07/18/2008 12:35 PM | 00,000,633 | ---- | C] () - C:\WINDOWS\npdbplug.xpt
[07/18/2008 12:35 PM | 00,031,728 | ---- | C] (DNAML Pty Ltd) - C:\WINDOWS\dbrmdwb.exe
[07/18/2008 12:35 PM | 00,143,360 | ---- | C] (Pegasus Imaging Corp.) - C:\WINDOWS\picn1020.dll
[07/18/2008 12:35 PM | 00,143,360 | ---- | C] (Pegasus Imaging Corp.) - C:\WINDOWS\picn1120.dll
[07/18/2008 12:35 PM | 00,356,352 | ---- | C] (eSellerate Inc.) - C:\WINDOWS\eSellerateEngine.dll
[07/18/2008 12:35 PM | 01,014,752 | ---- | C] () - C:\WINDOWS\dbplugin.exe
[07/18/2008 12:35 PM | 02,416,640 | ---- | C] () - C:\WINDOWS\npdbplug.dll
[07/18/2008 12:35 PM | 02,565,600 | ---- | C] () - C:\WINDOWS\dbplugin.ocx
[09/03/2008 06:12 PM | ---D | C] - C:\WINDOWS\ERDNT
[09/05/2008 08:40 PM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[09/05/2008 08:40 PM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[09/05/2008 08:40 PM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[09/05/2008 08:40 PM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[09/05/2008 08:40 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[09/05/2008 08:40 PM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[09/05/2008 08:40 PM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[09/05/2008 08:40 PM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[09/05/2008 08:40 PM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/04/2008 07:54 PM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/26/2008 09:19 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\PopCap
[09/03/2008 02:07 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\idupcnwr
[09/03/2008 06:14 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/10/2008 05:08 PM | 00,074,240 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\rbqt550.DLL
[07/10/2008 05:08 PM | 00,088,576 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\rbap550.dll
[07/10/2008 05:09 PM | 00,026,624 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSRegistrationPlugin8816.dll
[07/10/2008 05:09 PM | 00,027,136 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSMacTTPlugin8835.dll
[07/10/2008 05:09 PM | 00,029,184 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\RBInternetEncodings550.dll
[07/10/2008 05:09 PM | 00,035,840 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSFolderitemsPlugin8606.dll
[07/10/2008 05:09 PM | 00,038,912 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\RBShell550.dll
[07/10/2008 05:09 PM | 00,044,032 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSMainPlugin8841.dll
[07/10/2008 05:09 PM | 00,048,640 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\eSelleratePlugin.DLL
[07/10/2008 05:09 PM | 00,059,392 | -H-- | C] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSQTImporterPlugin8680.dll
[07/18/2008 12:33 PM | ---D | C] - C:\Documents and Settings\Jason Phillips\Application Data\GetRightToGo
[09/03/2008 06:14 PM | ---D | C] - C:\Documents and Settings\Jason Phillips\Application Data\Malwarebytes
[06/10/2008 04:29 PM | 00,651,213 | ---- | C] () - C:\Documents and Settings\Jason Phillips\My Documents\Darwin Project.pdf
[06/13/2008 06:00 PM | 00,036,864 | ---- | C] () - C:\Documents and Settings\Jason Phillips\My Documents\Jennifer Phillips Lesson 3.doc
[06/17/2008 06:17 PM | 00,012,208 | ---- | C] () - C:\Documents and Settings\Jason Phillips\My Documents\Make%20Your%20Own%20Ruler%20activity[1].docx
[06/30/2008 07:25 PM | 00,026,624 | -HS- | C] () - C:\Documents and Settings\Jason Phillips\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/22/2008 01:41 PM | 01,064,960 | ---- | C] () - C:\Documents and Settings\Jason Phillips\My Documents\Inventory Control1.mdb
[08/04/2008 07:49 PM | 00,001,615 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[09/03/2008 06:14 PM | 00,000,707 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[09/05/2008 01:37 PM | 00,001,811 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[4 C:\Documents and Settings\Jason Phillips\Desktop\*.tmp files]
[06/20/2008 03:18 PM | 00,038,463 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Paige Res Schedule 6 20 08.pdf
[06/23/2008 08:32 PM | 00,124,807 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Josh & Jason 52.75 Mile Bike Ride.pdf
[06/23/2008 12:53 PM | 00,024,064 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Rental Startup.xls
[06/26/2008 11:32 AM | ---D | C] - C:\Documents and Settings\Jason Phillips\Desktop\Paige Schedule
[06/26/2008 11:41 AM | ---D | C] - C:\Documents and Settings\Jason Phillips\Desktop\2008-06-26
[07/02/2008 07:56 PM | 01,201,679 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\MS150 Day 2 GPS.pdf
[07/02/2008 07:57 PM | 00,780,288 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\MS150 Day 1 GPS.doc
[07/02/2008 08:04 PM | 01,188,636 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\MS150 Day 1 GPS.pdf
[07/10/2008 04:35 PM | 00,355,316 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Paige Takeoff Drawings.bak
[07/10/2008 04:35 PM | 00,355,529 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Paige Takeoff Drawings.dwg
[07/13/2008 10:27 PM | 00,013,824 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Work Tree.xls
[07/16/2008 03:12 PM | ---D | C] - C:\Documents and Settings\Jason Phillips\Desktop\Paige Home
[07/18/2008 12:33 PM | ---D | C] - C:\Documents and Settings\Jason Phillips\Desktop\Downloads
[07/20/2008 07:47 PM | 00,221,715 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Moonlight Classic on GPS.pdf
[07/20/2008 07:52 PM | 00,115,752 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Dadd Gulch on GPS.pdf
[07/21/2008 08:32 PM | 00,052,804 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\norbel 6 30 08.pdf
[07/21/2008 09:34 PM | 00,014,336 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\DEBT.xls
[08/03/2008 09:50 AM | 00,015,360 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Fantasy Football 2008.xls
[08/03/2008 10:35 AM | 00,010,630 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Fantasy Football 2008.pdf
[08/28/2008 07:47 PM | 01,201,664 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Jennifers science project.doc
[09/01/2008 02:33 PM | 00,451,743 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\Teachers_2007-2008.pdf
[09/02/2008 07:48 PM | 00,015,492 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\CharlieBrown.jpg
[09/03/2008 05:47 PM | 00,001,745 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\HijackThis.lnk
[09/03/2008 06:11 PM | 00,000,603 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\ERUNT.lnk
[09/03/2008 06:11 PM | 00,000,622 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\NTREGOPT.lnk
[09/05/2008 06:47 AM | 00,304,189 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\RSIT.exe
[09/05/2008 06:51 AM | 01,446,454 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\SDFix.exe
[09/05/2008 08:39 PM | 02,846,217 | R--- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\ComboFix.exe
[09/06/2008 05:55 AM | 00,339,257 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Desktop\CleanUp452.exe
[09/03/2008 06:11 PM | 00,000,778 | ---- | C] () - C:\Documents and Settings\Jason Phillips\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[09/03/2008 06:13 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/04/2008 07:49 PM | ---D | C] - C:\Program Files\Bonjour
[08/04/2008 07:52 PM | ---D | C] - C:\Program Files\iPod
[09/03/2008 02:07 PM | ---D | C] - C:\Program Files\MSA
[09/03/2008 05:47 PM | ---D | C] - C:\Program Files\Trend Micro
[09/03/2008 06:10 PM | ---D | C] - C:\Program Files\ERUNT
[09/03/2008 06:14 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[09/06/2008 05:55 AM | ---D | C] - C:\Program Files\CleanUp!

========== Files - Modified Within 90 days ==========

[09/05/2008 08:56 PM | 10,633,09312 | -HS- | M] () - C:\hiberfil.sys
[1 C:\WINDOWS\System32\*.tmp files]
[07/18/2008 12:35 PM | 00,208,976 | ---- | M] () - C:\WINDOWS\System32\DNLEng.dll
[08/20/2008 07:28 AM | 00,065,446 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 07:28 AM | 00,411,142 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 07:28 AM | 00,481,548 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/03/2008 02:07 PM | 00,098,304 | ---- | M] () - C:\WINDOWS\System32\qvsbilwv.exe
[09/06/2008 06:03 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[09/06/2008 06:03 AM | 00,032,960 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[07/15/2008 05:47 PM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[07/18/2008 12:35 PM | 00,000,026 | ---- | M] () - C:\WINDOWS\dbrmdwb.bat
[07/18/2008 12:35 PM | 00,000,633 | ---- | M] () - C:\WINDOWS\npdbplug.xpt
[07/18/2008 12:35 PM | 00,031,728 | ---- | M] (DNAML Pty Ltd) - C:\WINDOWS\dbrmdwb.exe
[07/18/2008 12:35 PM | 00,143,360 | ---- | M] (Pegasus Imaging Corp.) - C:\WINDOWS\picn1020.dll
[07/18/2008 12:35 PM | 00,143,360 | ---- | M] (Pegasus Imaging Corp.) - C:\WINDOWS\picn1120.dll
[07/18/2008 12:35 PM | 00,356,352 | ---- | M] (eSellerate Inc.) - C:\WINDOWS\eSellerateEngine.dll
[07/18/2008 12:35 PM | 01,014,752 | ---- | M] () - C:\WINDOWS\dbplugin.exe
[07/18/2008 12:35 PM | 02,416,640 | ---- | M] () - C:\WINDOWS\npdbplug.dll
[07/18/2008 12:35 PM | 02,565,600 | ---- | M] () - C:\WINDOWS\dbplugin.ocx
[08/03/2008 08:54 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/16/2008 06:30 PM | 00,003,833 | ---- | M] () - C:\WINDOWS\machine.ver
[08/16/2008 09:11 AM | 00,000,743 | ---- | M] () - C:\WINDOWS\win.ini
[08/16/2008 09:25 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[09/05/2008 08:47 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[09/05/2008 08:56 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/04/2008 07:54 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/05/2008 08:56 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[07/10/2008 05:08 PM | 00,074,240 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\rbqt550.DLL
[07/10/2008 05:09 PM | 00,026,624 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSRegistrationPlugin8816.dll
[07/10/2008 05:09 PM | 00,027,136 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSMacTTPlugin8835.dll
[07/10/2008 05:09 PM | 00,029,184 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\RBInternetEncodings550.dll
[07/10/2008 05:09 PM | 00,035,840 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSFolderitemsPlugin8606.dll
[07/10/2008 05:09 PM | 00,038,912 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\RBShell550.dll
[07/10/2008 05:09 PM | 00,044,032 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSMainPlugin8841.dll
[07/10/2008 05:09 PM | 00,048,640 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\eSelleratePlugin.DLL
[07/10/2008 05:09 PM | 00,059,392 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\MBSQTImporterPlugin8680.dll
[07/10/2008 05:09 PM | 00,088,576 | -H-- | M] () - C:\Documents and Settings\Jason Phillips\Application Data\rbap550.dll
[06/10/2008 04:29 PM | 00,651,213 | ---- | M] () - C:\Documents and Settings\Jason Phillips\My Documents\Darwin Project.pdf
[06/13/2008 07:10 PM | 00,036,864 | ---- | M] () - C:\Documents and Settings\Jason Phillips\My Documents\Jennifer Phillips Lesson 3.doc
[06/17/2008 06:17 PM | 00,012,208 | ---- | M] () - C:\Documents and Settings\Jason Phillips\My Documents\Make%20Your%20Own%20Ruler%20activity[1].docx
[06/20/2008 03:18 PM | 00,296,960 | ---- | M] () - C:\Documents and Settings\Jason Phillips\My Documents\Paige Schedule starting wi