Operating memory - Win32/Olmarik trojan - unable to clean [Solved]


  • This topic is locked

#1
mjacko

  • Member
  • 11 posts
Hi all,

My NOD32 detects this Olmarik trojan in the operating memory, but it is unable to remove it. I'm hoping that I can find some help here. Thanks in advance!

This is the only definite problem source that I can identify. A few other recent concerns include:
- My writable DVD drive no longer detects blank DVDs
- I am unable to connect to Internet Explorer and the iTunes store (Firefox works, however)
- Upon login I have false crash messages pertaining to Windows Explorer, ViewMgr, Google Installer and SVChost (SVC in safe mode only). They have "encountered a problem and need to shut down." When I click "don't send," my computer crashes.

Are some/all/none of these issues related to the trojan?

Edited by mjacko, 15 January 2010 - 04:08 AM.


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#3
mjacko

  • Topic Starter
  • Member
  • 11 posts
Thank you for the reply. I've tried running the scan a few times, and about 10 seconds in the program freezes on "scanning NT drivers32." I gave it about 20 minutes on two occasions and it just becomes unresponsive without proceeding any further.

EDIT: Never mind... I turned System Restore back on and it ran fine. I'll post the logs in a moment.

Edited by mjacko, 15 January 2010 - 12:15 PM.


#4
mjacko

  • Topic Starter
  • Member
  • 11 posts
OTL logfile created on: 1/15/2010 11:11:30 AM - Run 1
OTL by OldTimer - Version 3.1.25.0 Folder = C:\Documents and Settings\Jacko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 39.52 Gb Free Space | 53.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 282.41 Gb Free Space | 60.65% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKO
Current User Name: Jacko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 10:31:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/15 10:19:47 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
PRC - [2010/01/08 23:27:55 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/08 23:27:53 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 11:39:19 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/17 17:18:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 08:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 12:20:40 | 00,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/07/24 13:22:50 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 13:22:12 | 00,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/06/10 01:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/09 08:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:18 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\dwwin.exe
PRC - [2007/01/19 09:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/09/20 06:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 06:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/04/05 14:18:58 | 00,307,200 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2003/11/18 01:46:34 | 01,069,056 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2003/11/13 13:51:56 | 00,253,952 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
PRC - [2003/02/10 02:52:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2002/08/29 03:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
PRC - [2002/08/14 16:22:52 | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/04 10:56:10 | 00,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 10:19:47 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
MOD - [2003/08/11 16:45:32 | 00,049,152 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - File not found [Auto | Stopped] -- -- (.NET Runtime Optimization Service v1.000.3.1434)
SRV - [2010/01/08 23:27:53 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/06/05 08:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/07 18:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/12/12 08:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 12:20:40 | 00,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/09/17 12:52:00 | 00,139,264 | R--- | M] () [Auto | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2008/07/24 13:22:50 | 00,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/07/18 10:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 10:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/09 08:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/01/31 20:46:09 | 01,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/06 19:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 19:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/03 22:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/05 14:18:58 | 00,307,200 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2003/11/02 20:33:06 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/04/04 11:54:50 | 00,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2003/03/03 11:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/10 02:52:30 | 00,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 10:56:10 | 00,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/02 06:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/16 09:06:50 | 00,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09:03:36 | 00,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 00,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 14:58:40 | 00,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/05/24 01:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/01/17 09:37:19 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2007/01/17 09:37:18 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2007/01/17 09:37:17 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2006/10/04 19:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 19:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 14:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/12/11 09:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
DRV - [2005/09/20 07:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/09/04 08:04:08 | 00,019,456 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2003/08/19 23:02:26 | 00,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/08/19 23:02:26 | 00,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2003/08/19 23:02:26 | 00,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/08/19 23:02:26 | 00,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/04/15 08:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 08:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/04/15 08:39:54 | 00,011,319 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\a302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2003/04/04 12:07:20 | 00,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2003/03/08 13:51:50 | 00,121,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e1000325.sys -- (E1000) Intel®
DRV - [2003/02/28 07:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/12/18 02:31:06 | 00,036,064 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Asfalrt.sys -- (AsfAlrt)
DRV - [2002/12/17 10:27:32 | 00,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/11/08 11:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 14:38:10 | 00,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 14:37:36 | 01,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 14:31:28 | 00,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/10/07 07:29:48 | 00,011,027 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/08/29 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 11:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 12:00:00 | 00,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.planolibrary.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://gmail.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..keyword.URL: "http://search.livein...nfopro.com/?s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.livein...nfopro.com/?s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 10:31:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/15 10:31:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/14 15:21:12 | 00,000,000 | ---D | M]

[2008/09/01 14:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Extensions
[2010/01/13 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Firefox\Profiles\p7chziqk.default\extensions
[2008/02/18 08:25:40 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Firefox\Profiles\p7chziqk.default\searchplugins\aolsearch.xml
[2010/01/15 00:52:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 22:04:25 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/13 12:07:46 | 06,276,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009/11/18 07:03:18 | 00,002,033 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: (36764 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D6B9BF08-887E-4DCD-94E3-09F8724BE5C2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D6B9BF08-887E-4DCD-94E3-09F8724BE5C2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F50CE767-AE72-45EB-AECD-E8786C240373} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Generic Proc] File not found
O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - HKCU..\Run: [Windows Generic Proc] File not found
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunServices: [Windows Generic Proc] File not found
O4 - HKCU..\RunServices: [Windows Generic Proc] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Jacko\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1408.g.akama...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} http://www.surfsecre...PEInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} http://webpdp.gator....ptdmgainads.cab (Reg Error: Key error.)
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} http://c03.tellmemor...in/tol7inst.cab (InstallerCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\hhsedt32.exe) - C:\WINDOWS\System32\hhsedt32.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O21 - SSODL: Internet Player - {5FBA5DFD-26B7-4F56-A9FB-62B44E8AC81D} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Jacko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/05/19 02:12:38 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O33 - MountPoints2\{44133932-8913-11de-bb8d-000bdb78146d}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 00,319,488 | ---- | M] (Western Digital Corporation)
O33 - MountPoints2\{f31f3d93-6e61-11de-bb88-00119592ac86}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 00,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/08/19 22:35:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "gusvc"
MsConfig - Services: "Apple Mobile Device"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Jacko^Start Menu^Programs^Startup^YouTube Uploader.lnk - C:\DOCUME~1\Jacko\LOCALS~1\APPLIC~1\YouTube\Uploader\YOUTUB~1.EXE - File not found
MsConfig - StartUpReg: AdaptecDirectCD - hkey= - key= - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: Desktop Architect - hkey= - key= - C:\Program Files\Desktop Architect\datray.exe File not found
MsConfig - StartUpReg: DIGStream - hkey= - key= - C:\Program Files\DIGStream\digstream.exe File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: MioNet - hkey= - key= - C:\Program Files\MioNet\MioNetLauncher.exe ()
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: settdebugx.exe - hkey= - key= - C:\DOCUME~1\Jacko\LOCALS~1\Temp\settdebugx.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\8502d524-b674-4e90-9632-1ebbca423e91.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WD Anywhere Backup - hkey= - key= - C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
MsConfig - StartUpReg: Windows Media Player - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/01/15 10:19:41 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
[2010/01/14 17:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\ESET
[2010/01/14 16:18:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/14 16:17:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/14 15:21:11 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/14 15:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/14 09:19:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Symantec
[2010/01/13 23:17:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jacko\Recent
[2010/01/13 11:07:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\Malwarebytes
[2010/01/13 10:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/13 00:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\flytunes
[2010/01/13 00:40:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/13 00:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/13 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\SUPERAntiSpyware.com
[2010/01/13 00:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/13 00:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Tific
[2010/01/13 00:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\Tific
[2010/01/12 23:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/12 23:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\ICS
[2010/01/12 19:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/01/12 13:00:46 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/09 10:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Move Networks
[2010/01/08 23:29:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/08 23:25:17 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/08 18:49:30 | 00,093,872 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/01/08 18:49:30 | 00,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/01/08 18:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/08 18:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\a-squared Free
[2010/01/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/03 22:42:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/03 22:12:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/03 22:12:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/03 22:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\AVG8
[2010/01/03 21:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\ecjrxn
[2010/01/03 20:50:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/06 02:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Choral fantasia
[2009/10/30 10:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\BPO Docs
[2009/10/13 23:13:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\LSO Library Sheet Music
[2009/10/07 00:45:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\DMA
[2009/09/29 22:08:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Writing Samples
[2009/09/08 12:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Denver Files
[2009/09/05 00:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 00:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/08/25 14:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/08/08 01:27:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/08 01:22:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/01 00:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/07 09:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\My Scans
[2009/03/06 16:26:10 | 01,373,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzshl01.exe
[2009/03/06 16:26:09 | 01,140,056 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzmsi01.exe
[2009/03/06 16:26:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2009/02/27 08:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\Downloads
[2009/02/15 22:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Job Apps
[2008/12/03 17:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\Corel VideoStudio
[2008/12/03 15:23:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2008/11/04 12:43:07 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/09/24 13:59:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\PrimoPDF4
[2008/09/11 11:16:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/11 08:09:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/11 08:09:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/06 18:23:59 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/06 18:22:33 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/03 14:34:14 | 00,793,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcdcs8.exe
[2008/08/13 09:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Computer Maintenance
[2008/07/29 19:10:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TsWpfWrp.exe
[2008/07/29 18:35:46 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2008/01/29 14:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Symantec Temporary Files
[2007/10/29 08:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/24 22:03:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2007/10/03 19:03:10 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2007/10/03 19:01:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2007/07/31 11:55:40 | 00,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2007/05/08 16:18:48 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2007/03/04 14:51:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\Updater5
[2007/01/29 01:58:06 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2007/01/23 15:59:41 | 00,068,344 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2007/01/10 01:00:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2006/12/13 23:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/12/12 11:46:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2006/12/12 11:44:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2006/12/12 11:43:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2006/12/12 11:42:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2006/12/12 11:40:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2006/10/18 19:00:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2006/10/17 10:05:58 | 00,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2006/09/28 16:56:38 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfHost.exe
[2006/06/19 13:19:26 | 00,934,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2006/03/16 17:38:01 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2006/03/07 10:11:04 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2006/02/09 00:01:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2005/08/02 21:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/06/29 15:58:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2005/06/29 00:00:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2005/06/01 23:47:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2005/06/01 15:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Useful Desktop Icons
[2005/04/15 00:00:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803$
[2004/12/13 20:47:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2004/10/15 00:00:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2004/10/09 17:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/10/09 17:28:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2004/10/09 17:28:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2004/10/09 17:23:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2004/10/09 17:15:51 | 00,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2004/10/09 17:11:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2004/10/09 17:11:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2004/10/09 15:37:06 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2004/09/19 12:41:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jacko\My Documents\My Videos
[2004/08/27 10:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2004/08/27 10:37:43 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2004/08/27 10:37:43 | 00,172,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2004/08/10 22:45:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmp.ocx
[2004/08/10 22:45:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2004/08/10 22:45:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2004/08/04 00:56:57 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2004/08/04 00:56:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2004/08/04 00:56:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2004/08/04 00:56:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2004/08/04 00:56:57 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2004/08/04 00:56:56 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2004/08/04 00:56:56 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2004/08/04 00:56:56 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2004/08/04 00:56:56 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2004/08/04 00:56:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2004/08/04 00:56:55 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2004/05/02 17:17:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbisurf.ax
[2004/04/06 12:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\WINDOWS
[2004/04/05 15:15:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2004/03/14 15:16:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\speech
[2004/03/14 13:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Downloads
[2004/03/14 03:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\Scores
[2004/02/10 23:52:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\wt
[2003/11/15 23:55:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2003/11/03 14:57:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2003/10/15 13:50:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\download
[2003/09/26 13:14:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2003/09/22 10:54:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Lame Desktop Icons
[2003/09/22 09:02:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2003/09/15 17:34:17 | 00,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2003/09/15 17:34:09 | 00,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2003/09/04 20:21:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2003/09/03 12:52:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Windows Update Setup Files
[2003/09/03 12:52:10 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2003/09/03 12:08:59 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jacko\UserData
[2003/09/01 17:41:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Desktop\Jacko's Stuff
[2003/08/29 09:05:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jacko\My Documents\My Pictures
[2003/08/29 09:05:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jacko\My Documents\My Music
[2003/08/29 09:05:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jacko\Favorites
[2003/08/29 09:05:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jacko\SendTo
[2003/08/29 09:05:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jacko\Application Data
[2003/08/29 09:05:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jacko\Start Menu
[2003/08/29 09:05:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jacko\My Documents
[2003/08/29 09:05:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jacko\Desktop
[2003/08/29 09:05:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jacko\Cookies
[2003/08/29 09:05:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jacko\Templates
[2003/08/29 09:05:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jacko\PrintHood
[2003/08/29 09:05:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jacko\NetHood
[2003/08/29 09:05:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jacko\Local Settings
[2003/08/19 23:02:24 | 00,057,344 | ---- | C] (Roxio) -- C:\WINDOWS\uneng.exe
[2003/08/19 23:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\DellPCH
[2003/08/19 22:58:20 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2003/08/19 22:53:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2003/08/19 22:47:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2003/08/19 22:44:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2003/08/19 22:36:24 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2003/08/19 22:36:22 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2003/08/19 22:36:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2003/08/19 22:36:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2003/08/19 22:36:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2003/08/19 22:36:22 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2003/08/19 22:36:22 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2003/08/19 22:36:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2003/08/19 22:36:22 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2003/08/19 22:36:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2003/08/19 22:36:22 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2003/08/19 22:36:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2003/08/19 22:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2003/08/19 22:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2003/08/19 22:36:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\SRCHASST
[2003/08/19 22:36:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2003/08/19 22:36:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\TWAIN_32
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\MUI
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSAPPS
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\IME
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2003/08/19 22:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2003/08/19 22:36:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\SECURITY
[2003/08/19 22:36:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2003/08/19 22:36:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2003/08/19 22:36:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ADDINS
[2003/08/19 22:36:02 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2003/08/19 22:36:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2003/08/19 22:36:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\JAVA
[2003/08/19 22:36:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2003/08/19 22:36:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2003/08/19 22:36:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\MSAGENT
[2003/08/19 22:36:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2003/08/19 22:35:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2003/08/19 22:35:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\INF
[2003/08/19 22:35:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XIRCOM
[2003/08/19 22:35:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM
[2003/08/19 22:35:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\REPAIR
[2003/08/19 22:35:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2003/08/19 22:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\USMT
[2003/08/19 22:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\OOBE
[2003/08/19 22:35:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NPP
[2003/08/19 22:35:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MUI
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WINS
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WBEM
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SPOOL
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2003/08/19 22:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RAS
[2003/08/19 22:35:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32
[2003/05/11 18:13:52 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2003/05/11 18:12:10 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2003/03/11 14:15:56 | 00,077,824 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\PRApplet.cpl
[2003/03/03 06:24:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Q330994.exe
[2003/03/03 06:24:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieuninst.exe
[2003/02/10 08:58:20 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2002/12/17 15:43:00 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2002/12/17 11:03:02 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2002/11/20 08:50:52 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2002/08/29 03:00:00 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2002/08/29 03:00:00 | 01,200,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2002/08/29 03:00:00 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2002/08/29 03:00:00 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2002/08/29 03:00:00 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2002/08/29 03:00:00 | 00,610,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2002/08/29 03:00:00 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2002/08/29 03:00:00 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
[2002/08/29 03:00:00 | 00,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2002/08/29 03:00:00 | 00,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2002/08/29 03:00:00 | 00,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2002/08/29 03:00:00 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2002/08/29 03:00:00 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2002/08/29 03:00:00 | 00,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2002/08/29 03:00:00 | 00,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2002/08/29 03:00:00 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe
[2002/08/29 03:00:00 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2002/08/29 03:00:00 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8ds32.ax
[2002/08/29 03:00:00 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2002/08/29 03:00:00 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvds32.ax
[2002/08/29 03:00:00 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nusrmgr.cpl
[2002/08/29 03:00:00 | 00,256,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\WINHELP.EXE
[2002/08/29 03:00:00 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysmon.ocx
[2002/08/29 03:00:00 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdm.tsp
[2002/08/29 03:00:00 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscript.exe
[2002/08/29 03:00:00 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2002/08/29 03:00:00 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2002/08/29 03:00:00 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2002/08/29 03:00:00 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SNDVOL32.EXE
[2002/08/29 03:00:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
[2002/08/29 03:00:00 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshom.ocx
[2002/08/29 03:00:00 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RSVP.EXE
[2002/08/29 03:00:00 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2002/08/29 03:00:00 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHEARTS.EXE
[2002/08/29 03:00:00 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2002/08/29 03:00:00 | 00,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NWSCRIPT.EXE
[2002/08/29 03:00:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2002/08/29 03:00:00 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2002/08/29 03:00:00 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINMINE.EXE
[2002/08/29 03:00:00 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.cpl
[2002/08/29 03:00:00 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe
[2002/08/29 03:00:00 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2002/08/29 03:00:00 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
[2002/08/29 03:00:00 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2002/08/29 03:00:00 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2002/08/29 03:00:00 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2002/08/29 03:00:00 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2002/08/29 03:00:00 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VERIFIER.EXE
[2002/08/29 03:00:00 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2002/08/29 03:00:00 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\timedate.cpl
[2002/08/29 03:00:00 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2002/08/29 03:00:00 | 00,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMIDX.OCX
[2002/08/29 03:00:00 | 00,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe
[2002/08/29 03:00:00 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2002/08/29 03:00:00 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2002/08/29 03:00:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2002/08/29 03:00:00 | 00,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\proctexe.ocx
[2002/08/29 03:00:00 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2002/08/29 03:00:00 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2002/08/29 03:00:00 | 00,077,891 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\USRMLNKA.EXE
[2002/08/29 03:00:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMPSTUB.EXE
[2002/08/29 03:00:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2002/08/29 03:00:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2002/08/29 03:00:00 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2002/08/29 03:00:00 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2002/08/29 03:00:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotesp.tsp
[2002/08/29 03:00:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2002/08/29 03:00:00 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2002/08/29 03:00:00 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2002/08/29 03:00:00 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2002/08/29 03:00:00 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe
[2002/08/29 03:00:00 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2002/08/29 03:00:00 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2002/08/29 03:00:00 | 00,069,700 | ---- | C] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\USRSHUTA.EXE
[2002/08/29 03:00:00 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2002/08/29 03:00:00 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscds32.ax
[2002/08/29 03:00:00 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2002/08/29 03:00:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
[2002/08/29 03:00:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2002/08/29 03:00:00 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2002/08/29 03:00:00 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2002/08/29 03:00:00 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2002/08/29 03:00:00 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2002/08/29 03:00:00 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2002/08/29 03:00:00 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RSOPPROV.EXE
[2002/08/29 03:00:00 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2002/08/29 03:00:00 | 00,061,508 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\USRPRBDA.EXE
[2002/08/29 03:00:00 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2002/08/29 03:00:00 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2002/08/29 03:00:00 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
[2002/08/29 03:00:00 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SOL.EXE
[2002/08/29 03:00:00 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2002/08/29 03:00:00 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ndptsp.tsp
[2002/08/29 03:00:00 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2002/08/29 03:00:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYNCAPP.EXE
[2002/08/29 03:00:00 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2002/08/29 03:00:00 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2002/08/29 03:00:00 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2002/08/29 03:00:00 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2002/08/29 03:00:00 | 00,049,680 | ---- | C] (Twain Working Group) -- C:\WINDOWS\TWUNK_16.EXE
[2002/08/29 03:00:00 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W32TM.EXE
[2002/08/29 03:00:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RSMUI.EXE
[2002/08/29 03:00:00 | 00,049,152 | ---- | C] (Microsoft Corp) -- C:\WINDOWS\System32\RSM.EXE
[2002/08/29 03:00:00 | 00,047,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\USER.EXE
[2002/08/29 03:00:00 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2002/08/29 03:00:00 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2002/08/29 03:00:00 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2002/08/29 03:00:00 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2002/08/29 03:00:00 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OSUNINST.EXE
[2002/08/29 03:00:00 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSKEY.EXE
[2002/08/29 03:00:00 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NWC.CPL
[2002/08/29 03:00:00 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2002/08/29 03:00:00 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TYPEPERF.EXE
[2002/08/29 03:00:00 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2002/08/29 03:00:00 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NCPA.CPL
[2002/08/29 03:00:00 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINCHAT.EXE
[2002/08/29 03:00:00 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2002/08/29 03:00:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VSSADMIN.EXE
[2002/08/29 03:00:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\REGINI.EXE
[2002/08/29 03:00:00 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2002/08/29 03:00:00 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PING6.EXE
[2002/08/29 03:00:00 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2002/08/29 03:00:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RELOG.EXE
[2002/08/29 03:00:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccp32.cpl
[2002/08/29 03:00:00 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2002/08/29 03:00:00 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WUPDMGR.EXE
[2002/08/29 03:00:00 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2002/08/29 03:00:00 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TRACERT6.EXE
[2002/08/29 03:00:00 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NTSD.EXE
[2002/08/29 03:00:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2002/08/29 03:00:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2002/08/29 03:00:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TELEPHON.CPL
[2002/08/29 03:00:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2002/08/29 03:00:00 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2002/08/29 03:00:00 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2002/08/29 03:00:00 | 00,025,600 | ---- | C] (Twain Working Group) -- C:\WINDOWS\TWUNK_32.EXE
[2002/08/29 03:00:00 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ROUTEMON.EXE
[2002/08/29 03:00:00 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2002/08/29 03:00:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2002/08/29 03:00:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RSMSINK.EXE
[2002/08/29 03:00:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2002/08/29 03:00:00 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2002/08/29 03:00:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\QWINSTA.EXE
[2002/08/29 03:00:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2002/08/29 03:00:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PATHPING.EXE
[2002/08/29 03:00:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2002/08/29 03:00:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NBTSTAT.EXE
[2002/08/29 03:00:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2002/08/29 03:00:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ROUTE.EXE
[2002/08/29 03:00:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2002/08/29 03:00:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSGSM32.ACM
[2002/08/29 03:00:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TCPSVCS.EXE
[2002/08/29 03:00:00 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2002/08/29 03:00:00 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2002/08/29 03:00:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2002/08/29 03:00:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2002/08/29 03:00:00 | 00,018,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSEDIT.EXE
[2002/08/29 03:00:00 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WIN.COM
[2002/08/29 03:00:00 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe
[2002/08/29 03:00:00 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2002/08/29 03:00:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2002/08/29 03:00:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TSSHUTDN.EXE
[2002/08/29 03:00:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TFTP.EXE
[2002/08/29 03:00:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2002/08/29 03:00:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\QAPPSRV.EXE
[2002/08/29 03:00:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TSKILL.EXE
[2002/08/29 03:00:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simpdata.tlb
[2002/08/29 03:00:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RUNAS.EXE
[2002/08/29 03:00:00 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RWINSTA.EXE
[2002/08/29 03:00:00 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2002/08/29 03:00:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2002/08/29 03:00:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMAN.EXE
[2002/08/29 03:00:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PENTNT.EXE
[2002/08/29 03:00:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TSDISCON.EXE
[2002/08/29 03:00:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TSCON.EXE
[2002/08/29 03:00:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2002/08/29 03:00:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SHADOW.EXE
[2002/08/29 03:00:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2002/08/29 03:00:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2002/08/29 03:00:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2002/08/29 03:00:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2002/08/29 03:00:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2002/08/29 03:00:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2002/08/29 03:00:00 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2002/08/29 03:00:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2002/08/29 03:00:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tree.com
[2002/08/29 03:00:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2002/08/29 03:00:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\REPLACE.EXE
[2002/08/29 03:00:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2002/08/29 03:00:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TCMSETUP.EXE
[2002/08/29 03:00:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2002/08/29 03:00:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINMSD.EXE
[2002/08/29 03:00:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2002/08/29 03:00:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RASAUTOU.EXE
[2002/08/29 03:00:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2002/08/29 03:00:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RASDIAL.EXE
[2002/08/29 03:00:00 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WOWEXEC.EXE
[2002/08/29 03:00:00 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2002/08/29 03:00:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SPRESTRT.EXE
[2002/08/29 03:00:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SFC.EXE
[2002/08/29 03:00:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RESET.EXE
[2002/08/29 03:00:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SUBST.EXE
[2002/08/29 03:00:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2002/08/29 03:00:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2002/08/29 03:00:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PRINT.EXE
[2002/08/29 03:00:00 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2002/08/29 03:00:00 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINHLP32.EXE
[2002/08/29 03:00:00 | 00,008,192 | ---- | C] (DSP GROUP, INC.) -- C:\WINDOWS\System32\TSSOFT32.ACM
[2002/08/29 03:00:00 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STDOLE32.TLB
[2002/08/29 03:00:00 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RECOVER.EXE
[2002/08/29 03:00:00 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSWCHX.EXE
[2002/08/29 03:00:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WRITE.EXE
[2002/08/29 03:00:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2002/08/29 03:00:00 | 00,005,532 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\STDOLE.TLB
[2002/08/29 03:00:00 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2002/08/29 03:00:00 | 00,004,608 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\REGWIZ.EXE
[2002/08/29 03:00:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UNLODCTR.EXE
[2002/08/29 03:00:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2002/08/29 03:00:00 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2002/08/29 03:00:00 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\REGEDT32.EXE
[2002/08/29 03:00:00 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2002/08/29 03:00:00 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSTRAY.EXE
[2002/08/29 03:00:00 | 00,002,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WOWDEB.EXE
[2002/08/29 03:00:00 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2002/08/29 03:00:00 | 00,002,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSPOOL.EXE
[2002/08/29 03:00:00 | 00,002,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINOLDAP.MOD
[2002/08/29 03:00:00 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2002/08/29 03:00:00 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2002/08/29 03:00:00 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2002/08/29 03:00:00 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2000/05/22 14:58:12 | 00,166,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msmask32.ocx
[2000/05/22 14:58:12 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2000/03/15 22:56:32 | 00,069,632 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\voxmvdec.ax
[2000/03/15 22:56:32 | 00,069,632 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\voxmsdec.ax
[1999/10/30 00:36:42 | 00,281,600 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\mvoice.vwp
[1999/10/30 00:36:42 | 00,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vct3216.acm
[1999/10/30 00:36:40 | 00,424,960 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\msms001.vwp
[1999/01/12 09:39:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\delttsul.exe
[1999/01/05 13:30:02 | 00,225,280 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\VSFLEX3.OCX
[1998/03/24 09:44:06 | 00,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAEND32.OLB
[1998/03/24 09:44:06 | 00,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAEN32.OLB
[1996/12/03 10:50:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VEN2232.OLB
[1979/12/31 22:00:00 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[1979/12/31 22:00:00 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[1979/12/31 22:00:00 | 00,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[278 C:\Documents and Settings\Jacko\Desktop\*.tmp files -> C:\Documents and Settings\Jacko\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/15 10:45:04 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/01/15 10:19:47 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
[2010/01/15 05:29:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/15 01:04:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/15 01:04:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/15 01:04:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/15 01:04:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/15 01:02:24 | 00,122,880 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Calendar of Chores.doc
[2010/01/14 17:28:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005Core.job
[2010/01/14 16:29:30 | 00,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/14 16:28:01 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005UA.job
[2010/01/14 15:51:15 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F61C4F0B-523E-4D3C-AC5C-04B010DACD99}
[2010/01/14 15:50:46 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/14 15:48:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 15:48:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/14 15:48:10 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 15:46:57 | 10,223,616 | -H-- | M] () -- C:\Documents and Settings\Jacko\NTUSER.DAT
[2010/01/14 15:46:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jacko\NTUSER.INI
[2010/01/14 09:26:47 | 00,054,208 | ---- | M] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/14 09:06:49 | 00,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 11:17:16 | 00,036,764 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/01/13 01:08:01 | 00,509,996 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/13 01:08:01 | 00,433,698 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/13 01:08:01 | 00,067,984 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/01/13 00:23:22 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/01/12 19:11:02 | 00,764,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/11 23:44:43 | 00,007,800 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Resume with References.pdf
[2010/01/11 23:14:14 | 00,005,296 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Cover Letter.pdf
[2010/01/11 23:13:40 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Castleton 2010 cover letter.doc
[2010/01/11 02:43:23 | 00,207,360 | ---- | M] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 10:20:20 | 00,000,711 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/09 10:20:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/03 23:04:42 | 00,000,202 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2010/01/01 21:43:02 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\aspen librarian cover letter.doc
[2010/01/01 21:42:59 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\job app info dec 2009.doc
[2010/01/01 20:10:28 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 07:43:32 | 22,722,973 | ---- | M] () -- C:\Program Files\PROCESSLIST.DB
[2009/12/28 07:43:04 | 01,280,973 | ---- | M] () -- C:\Program Files\PROCESSLISTRELATED.DB
[52 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[278 C:\Documents and Settings\Jacko\Desktop\*.tmp files -> C:\Documents and Settings\Jacko\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 17:31:32 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 17:31:31 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/14 17:31:30 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/14 16:29:30 | 00,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/14 15:39:16 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/13 00:40:30 | 22,722,973 | ---- | C] () -- C:\Program Files\PROCESSLIST.DB
[2010/01/13 00:40:30 | 01,280,973 | ---- | C] () -- C:\Program Files\PROCESSLISTRELATED.DB
[2010/01/12 19:04:08 | 00,764,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/12 16:33:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/11 23:44:32 | 00,007,800 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Resume with References.pdf
[2010/01/11 23:14:10 | 00,005,296 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Cover Letter.pdf
[2010/01/11 23:13:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Castleton 2010 cover letter.doc
[2010/01/10 11:37:14 | 00,122,880 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Calendar of Chores.doc
[2010/01/09 08:43:01 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/08 23:30:20 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/01 21:43:01 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\aspen librarian cover letter.doc
[2010/01/01 21:42:55 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\job app info dec 2009.doc
[2010/01/01 20:13:11 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2010/01/01 20:10:28 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/11/20 07:45:54 | 00,000,436 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2009/10/30 09:22:38 | 00,379,404 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Mike's immunization records.jpg
[2009/10/20 08:13:13 | 00,119,066 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\DOC405.PDF
[2009/10/11 11:33:32 | 00,000,499 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk
[2009/09/24 16:29:21 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Composite resume update.doc
[2009/09/23 09:31:29 | 00,453,505 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\la procesion.pdf
[2009/09/17 17:18:26 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005UA.job
[2009/09/17 17:18:20 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005Core.job
[2009/08/28 12:48:38 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Workshop applications 2009-2010.doc
[2009/06/26 13:06:14 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\job app info.doc
[2009/05/01 12:19:19 | 00,788,120 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Mahler terms.pdf
[2009/03/06 16:50:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jacko\Ÿ9Ÿ9
[2009/03/06 16:26:09 | 00,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/03/06 16:05:33 | 00,176,414 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/03/06 16:05:33 | 00,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/02/16 09:32:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/02/13 15:08:21 | 00,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/12/03 15:27:10 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/03 15:27:10 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/03 15:27:10 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/03 15:27:10 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/03 15:27:10 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/03 15:27:10 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/04 12:43:06 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/09/24 13:59:24 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/09/24 13:46:38 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/06 18:19:06 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/03 14:34:36 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySWMV2AVI.dat
[2008/09/03 14:34:16 | 00,316,640 | ---- | C] () -- C:\WINDOWS\System32\WMSysPr9.prx
[2008/09/03 14:34:16 | 00,156,910 | ---- | C] () -- C:\WINDOWS\System32\WMSysPr8.prx
[2008/09/03 14:34:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/04/07 10:08:27 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/04/07 10:08:27 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/02/29 00:21:22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2007/11/18 22:31:23 | 00,000,188 | ---- | C] () -- C:\WINDOWS\Vstudio.INI
[2007/11/18 22:22:41 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2007/10/10 04:20:08 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/04 12:45:44 | 00,001,173 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/10/04 12:45:44 | 00,000,040 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2007/09/03 20:43:23 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/05/08 16:18:48 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/09/01 05:44:04 | 00,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006/06/29 12:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 12:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/08 10:06:50 | 00,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2006/06/08 10:06:50 | 00,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2006/06/08 10:06:50 | 00,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2006/06/08 10:06:50 | 00,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2006/06/08 10:06:50 | 00,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2006/06/04 11:32:52 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 13:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 13:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 22:56:41 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/07/06 22:28:39 | 00,820,890 | ---- | C] () -- C:\WINDOWS\Firefox Wallpaper.bmp
[2005/03/21 18:38:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/16 00:33:23 | 00,019,925 | ---- | C] () -- C:\Documents and Settings\Jacko\My Documents\Platform.rtf
[2004/10/09 15:37:06 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2004/10/09 15:37:06 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/18 16:38:35 | 00,110,714 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/09/17 15:36:24 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jacko\Desktop\~$Booth.doc
[2004/09/16 20:32:37 | 00,000,795 | -H-- | C] () -- C:\Documents and Settings\Jacko\My Documents\hpothb07.tif
[2004/09/16 20:32:37 | 00,000,567 | -H-- | C] () -- C:\Documents and Settings\Jacko\My Documents\hpothb07.dat
[2004/09/16 20:32:32 | 00,000,259 | -H-- | C] () -- C:\Documents and Settings\Jacko\hpothb07.tif
[2004/09/16 20:32:32 | 00,000,165 | -H-- | C] () -- C:\Documents and Settings\Jacko\hpothb07.dat
[2004/09/16 20:32:26 | 00,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2004/09/16 20:32:26 | 00,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2004/09/16 20:31:58 | 00,001,062 | -H-- | C] () -- C:\Documents and Settings\Jacko\Desktop\hpothb07.dat
[2004/09/16 20:31:57 | 00,001,539 | -H-- | C] () -- C:\Documents and Settings\Jacko\Desktop\hpothb07.tif
[2004/09/08 11:35:59 | 00,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/09/07 17:52:43 | 00,000,045 | ---- | C] () -- C:\WINDOWS\JBDEMKKJ.ini
[2004/09/07 17:51:39 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/27 12:45:28 | 00,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/08/04 00:56:57 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2004/08/04 00:56:57 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2004/08/04 00:56:57 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2004/05/02 17:17:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/02 17:17:10 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2004/04/28 09:21:14 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Jacko\4dpuswodniw.ini
[2004/04/18 22:37:32 | 00,003,039 | ---- | C] () -- C:\WINDOWS\b2_t_THE+CRUCIBLE+EN+FRAN%C3%A7AIS757.xml
[2004/04/18 22:36:50 | 00,003,039 | ---- | C] () -- C:\WINDOWS\b2_t_THE+CRUCIBLE+EN+FRAN%C3%A7AIS13.xml
[2004/04/18 13:55:45 | 00,003,223 | ---- | C] () -- C:\WINDOWS\b2_t_CHEAP+INTERNATIONAL+TRAVEL%2C+COURIER+SERVICE&355.xml
[2004/04/18 13:47:34 | 00,003,223 | ---- | C] () -- C:\WINDOWS\b2_t_CHEAP+INTERNATIONAL+TRAVEL%2C+COURIER+SERVICE&459.xml
[2004/04/16 10:54:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\testfile
[2004/04/15 11:43:38 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\uinst_cp.exe
[2004/04/15 11:43:23 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\updaterinstall.dat
[2004/04/06 14:42:21 | 00,005,735 | ---- | C] () -- C:\Documents and Settings\Jacko\My Documents\silver xp.Theme
[2004/04/06 12:37:10 | 02,359,350 | ---- | C] () -- C:\WINDOWS\Theme Jacko.bmp
[2004/04/06 12:26:26 | 00,146,321 | ---- | C] () -- C:\WINDOWS\System32\plus!.hlp
[2004/04/06 12:26:26 | 00,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2004/03/17 21:42:27 | 00,691,254 | ---- | C] () -- C:\WINDOWS\Mozilla Wallpaper.bmp
[2004/03/14 12:46:35 | 00,001,667 | ---- | C] () -- C:\Documents and Settings\Jacko\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2004/03/14 03:25:57 | 00,000,604 | -H-- | C] () -- C:\WINDOWS\T4
[2004/03/14 03:25:57 | 00,000,604 | -H-- | C] () -- C:\WINDOWS\T3
[2004/03/14 03:25:57 | 00,000,604 | -H-- | C] () -- C:\WINDOWS\System32\T2
[2004/03/14 03:25:57 | 00,000,604 | -H-- | C] () -- C:\WINDOWS\STLL Notifier
[2003/11/11 11:59:51 | 00,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/11/11 11:59:20 | 00,013,134 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/10/28 13:18:12 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Jacko\My Documents\Document in Microsoft Internet Explorer
[2003/10/11 00:07:06 | 00,003,638 | ---- | C] () -- C:\WINDOWS\System32\ppicon.ico
[2003/10/04 13:48:42 | 00,000,894 | ---- | C] () -- C:\WINDOWS\System32\SportsInteractions.ico
[2003/10/04 13:36:32 | 00,003,774 | ---- | C] () -- C:\WINDOWS\System32\rgc_48x48_05.ico
[2003/10/04 11:12:12 | 00,003,774 | ---- | C] () -- C:\WINDOWS\System32\WSM5Roses.ico
[2003/09/29 17:15:04 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2003/09/29 14:07:07 | 00,000,147 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/22 18:14:02 | 00,054,208 | ---- | C] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/09/15 17:34:16 | 00,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/15 17:34:10 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2003/09/15 17:34:10 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2003/09/04 20:25:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/03 20:41:51 | 00,000,731 | ---- | C] () -- C:\WINDOWS\winiini.fin
[2003/09/03 12:46:15 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2003/09/02 19:48:08 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/30 07:25:23 | 00,207,360 | ---- | C] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/08/29 09:05:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jacko\Application Data\DESKTOP.INI
[2003/08/29 09:05:55 | 10,223,616 | -H-- | C] () -- C:\Documents and Settings\Jacko\NTUSER.DAT
[2003/08/29 09:05:55 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Jacko\NTUSER.INI
[2003/08/29 09:05:17 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2003/08/20 07:00:35 | 00,015,231 | ---- | C] () -- C:\WINDOWS\System32\vkmleaaa.dll
[2003/08/19 23:03:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 23:01:37 | 00,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2003/08/19 22:58:21 | 00,218,245 | ---- | C] () -- C:\WINDOWS\orun32.isu
[2003/08/19 22:58:21 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 22:48:34 | 00,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/08/19 22:47:54 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2003/08/19 22:46:46 | 00,433,698 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/08/19 22:46:46 | 00,067,984 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/08/19 22:46:29 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/19 22:44:28 | 00,001,170 | ---- | C] () -- C:\WINDOWS\System32\WPA.DBL
[2003/08/19 22:37:54 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/04/16 08:40:12 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/04/16 08:39:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2003/03/09 13:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/12/18 02:31:54 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/12/18 02:31:36 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/11/17 12:04:42 | 00,026,934 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.license
[2002/09/03 11:43:26 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2002/09/03 11:42:44 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2002/09/03 11:35:58 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2002/09/03 11:35:56 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2002/09/03 11:33:48 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2002/09/03 11:33:40 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2002/09/03 11:33:40 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2002/09/03 11:33:40 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2002/09/03 11:33:40 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2002/09/03 11:33:40 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2002/09/03 11:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/09/03 06:31:46 | 13,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:46 | 00,787,356 | ---- | C] () -- C:\WINDOWS\System32\OEMBKGN1.BMP
[2002/09/03 06:31:46 | 00,005,134 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2002/09/03 06:31:44 | 00,007,046 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.CAT
[2002/09/03 06:31:44 | 00,006,788 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.SIG
[2002/09/03 06:31:44 | 00,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 01,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2002/08/29 03:00:00 | 01,309,184 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.DEU
[2002/08/29 03:00:00 | 01,095,680 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.NLD
[2002/08/29 03:00:00 | 00,957,440 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.ENU
[2002/08/29 03:00:00 | 00,937,984 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.SVE
[2002/08/29 03:00:00 | 00,867,840 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.ITA
[2002/08/29 03:00:00 | 00,786,944 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.FRA
[2002/08/29 03:00:00 | 00,750,080 | ---- | C] () -- C:\WINDOWS\System32\WBDBASE.ESN
[2002/08/29 03:00:00 | 00,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 00,262,148 | ---- | C] () -- C:\WINDOWS\System32\SORTKEY.NLS
[2002/08/29 03:00:00 | 00,240,120 | ---- | C] () -- C:\WINDOWS\System32\SETUP.BMP
[2002/08/29 03:00:00 | 00,167,219 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2002/08/29 03:00:00 | 00,149,848 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DEU
[2002/08/29 03:00:00 | 00,113,909 | ---- | C] () -- C:\WINDOWS\System32\uregfapi.dll
[2002/08/29 03:00:00 | 00,102,446 | ---- | C] () -- C:\WINDOWS\System32\NET.HLP
[2002/08/29 03:00:00 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\SUBRANGE.UCE
[2002/08/29 03:00:00 | 00,089,588 | ---- | C] () -- C:\WINDOWS\System32\UNICODE.NLS
[2002/08/29 03:00:00 | 00,082,944 | ---- | C] () -- C:\WINDOWS\CLOCK.AVI
[2002/08/29 03:00:00 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2002/08/29 03:00:00 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2002/08/29 03:00:00 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.SVE
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.NLD
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.ITA
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.FRA
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.ESN
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.ENU
[2002/08/29 03:00:00 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\WBCACHE.DEU
[2002/08/29 03:00:00 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\WMIMGMT.MSC
[2002/08/29 03:00:00 | 00,059,167 | ---- | C] () -- C:\WINDOWS\System\SETUP.INF
[2002/08/29 03:00:00 | 00,058,273 | R--- | C] () -- C:\WINDOWS\System32\PERFMON.MSC
[2002/08/29 03:00:00 | 00,049,196 | ---- | C] () -- C:\WINDOWS\System32\NOISE.FRA
[2002/08/29 03:00:00 | 00,048,794 | ---- | C] () -- C:\WINDOWS\System32\NTIMAGE.GIF
[2002/08/29 03:00:00 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\WINNT256.BMP
[2002/08/29 03:00:00 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\WINNT.BMP
[2002/08/29 03:00:00 | 00,046,133 | ---- | C] () -- C:\WINDOWS\System32\SQLSODBC.CHM
[2002/08/29 03:00:00 | 00,044,451 | R--- | C] () -- C:\WINDOWS\System32\RSOP.MSC
[2002/08/29 03:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\WIASF.AX
[2002/08/29 03:00:00 | 00,036,364 | ---- | C] () -- C:\WINDOWS\System32\SECPOL.MSC
[2002/08/29 03:00:00 | 00,035,755 | ---- | C] () -- C:\WINDOWS\System32\PRNCNFG.VBS
[2002/08/29 03:00:00 | 00,033,464 | ---- | C] () -- C:\WINDOWS\System32\SERVICES.MSC
[2002/08/29 03:00:00 | 00,032,968 | ---- | C] () -- C:\WINDOWS\System32\NTMSOPRQ.MSC
[2002/08/29 03:00:00 | 00,032,674 | ---- | C] () -- C:\WINDOWS\System32\WINHELP.HLP
[2002/08/29 03:00:00 | 00,032,546 | ---- | C] () -- C:\WINDOWS\System32\PRNMNGR.VBS
[2002/08/29 03:00:00 | 00,029,454 | ---- | C] () -- C:\WINDOWS\System32\PRNPORT.VBS
[2002/08/29 03:00:00 | 00,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2002/08/29 03:00:00 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2002/08/29 03:00:00 | 00,026,209 | ---- | C] () -- C:\WINDOWS\System32\NTMSMGR.MSC
[2002/08/29 03:00:00 | 00,025,415 | ---- | C] () -- C:\WINDOWS\System32\PRNDRVR.VBS
[2002/08/29 03:00:00 | 00,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2002/08/29 03:00:00 | 00,021,527 | ---- | C] () -- C:\WINDOWS\System32\PRNJOBS.VBS
[2002/08/29 03:00:00 | 00,019,684 | ---- | C] () -- C:\WINDOWS\System32\NOISE.ESN
[2002/08/29 03:00:00 | 00,019,618 | ---- | C] () -- C:\WINDOWS\System32\NOISE.ITA
[2002/08/29 03:00:00 | 00,018,832 | ---- | C] () -- C:\WINDOWS\System32\V7VGA.ROM
[2002/08/29 03:00:00 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2002/08/29 03:00:00 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2002/08/29 03:00:00 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2002/08/29 03:00:00 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\SHIFTJIS.UCE
[2002/08/29 03:00:00 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2002/08/29 03:00:00 | 00,015,860 | ---- | C] () -- C:\WINDOWS\System32\PRNQCTL.VBS
[2002/08/29 03:00:00 | 00,013,730 | ---- | C] () -- C:\WINDOWS\System32\NOISE.SVE
[2002/08/29 03:00:00 | 00,013,256 | ---- | C] () -- C:\WINDOWS\System32\NOISE.NLD
[2002/08/29 03:00:00 | 00,011,753 | ---- | C] () -- C:\WINDOWS\System32\SETVER.EXE
[2002/08/29 03:00:00 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2002/08/29 03:00:00 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\NLSFUNC.EXE
[2002/08/29 03:00:00 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2002/08/29 03:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\WDL.TRM
[2002/08/29 03:00:00 | 00,003,708 | ---- | C] () -- C:\WINDOWS\System32\PUBPRN.VBS
[2002/08/29 03:00:00 | 00,003,577 | ---- | C] () -- C:\WINDOWS\System32\SYSPRTJ.SEP
[2002/08/29 03:00:00 | 00,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2002/08/29 03:00:00 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\TSLABELS.H
[2002/08/29 03:00:00 | 00,003,252 | ---- | C] () -- C:\WINDOWS\System32\NW16.EXE
[2002/08/29 03:00:00 | 00,003,214 | ---- | C] () -- C:\WINDOWS\System32\SYSPRINT.SEP
[2002/08/29 03:00:00 | 00,003,178 | ---- | C] () -- C:\WINDOWS\System32\RSVPCNTS.H
[2002/08/29 03:00:00 | 00,003,167 | ---- | C] () -- C:\WINDOWS\System32\RSACI.RAT
[2002/08/29 03:00:00 | 00,003,010 | ---- | C] () -- C:\WINDOWS\System32\PSCHDCNT.H
[2002/08/29 03:00:00 | 00,001,818 | ---- | C] () -- C:\WINDOWS\System32\RASCTRNM.H
[2002/08/29 03:00:00 | 00,001,696 | ---- | C] () -- C:\WINDOWS\System32\NOISE.CHT
[2002/08/29 03:00:00 | 00,001,696 | ---- | C] () -- C:\WINDOWS\System32\NOISE.CHS
[2002/08/29 03:00:00 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2002/08/29 03:00:00 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\USRLOGON.CMD
[2002/08/29 03:00:00 | 00,001,129 | ---- | C] () -- C:\WINDOWS\System32\VWIPXSPX.EXE
[2002/08/29 03:00:00 | 00,000,882 | ---- | C] () -- C:\WINDOWS\System32\SHARE.EXE
[2002/08/29 03:00:00 | 00,000,862 | ---- | C] () -- C:\WINDOWS\System32\TERMCAP
[2002/08/29 03:00:00 | 00,000,751 | ---- | C] () -- C:\WINDOWS\System32\NOISE.ENU
[2002/08/29 03:00:00 | 00,000,751 | ---- | C] () -- C:\WINDOWS\System32\NOISE.ENG
[2002/08/29 03:00:00 | 00,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/08/29 03:00:00 | 00,000,707 | ---- | C] () -- C:\WINDOWS\_DEFAULT.PIF
[2002/08/29 03:00:00 | 00,000,697 | ---- | C] () -- C:\WINDOWS\System32\NOISE.THA
[2002/08/29 03:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\System32\PERFWCI.H
[2002/08/29 03:00:00 | 00,000,427 | ---- | C] () -- C:\WINDOWS\System32\PERFCI.H
[2002/08/29 03:00:00 | 00,000,140 | ---- | C] () -- C:\WINDOWS\System32\PERFFILT.H
[2002/08/29 03:00:00 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\PCL.SEP
[2002/08/29 03:00:00 | 00,000,080 | ---- | C] () -- C:\WINDOWS\EXPLORER.SCF
[2002/08/29 03:00:00 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2002/08/29 03:00:00 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\PSCRIPT.SEP
[2002/03/02 01:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2001/08/31 09:15:28 | 02,250,056 | ---- | C] () -- C:\WINDOWS\DELLWP.BMP
[2001/08/23 12:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 03:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 21:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1995/10/21 07:37:52 | 00,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[1979/12/31 22:00:00 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/14 15:48:08 | 00,007,611 | ---- | M] () -- C:\aaw7boot.log
[2002/09/03 11:36:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/13 00:23:22 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 11:13:28 | 00,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2002/09/03 11:36:02 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/19 22:39:06 | 00,004,697 | RH-- | M] () -- C:\DELL.SDR
[2005/07/28 11:45:25 | 00,000,051 | ---- | M] () -- C:\DVDPATH.TXT
[2010/01/14 15:48:10 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/14 15:33:13 | 00,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2004/09/16 20:31:43 | 00,000,397 | -H-- | M] () -- C:\hpothb07.dat
[2004/09/16 20:31:43 | 00,000,749 | -H-- | M] () -- C:\hpothb07.tif
[2002/09/03 11:36:02 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/11/24 13:57:15 | 00,002,765 | -H-- | M] () -- C:\IPH.PH
[2002/09/03 11:36:02 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/07/21 23:05:55 | 00,000,991 | ---- | M] () -- C:\net_save.dna
[2004/10/09 17:17:25 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/11 07:59:55 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2010/01/14 15:48:08 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys
[2009/03/07 21:42:33 | 00,000,594 | ---- | M] () -- C:\updatedatfix.log
[2009/11/20 07:45:43 | 00,079,109 | ---- | M] () -- C:\xrvho.exe


< MD5 for: AGP440.SYS >
[2004/10/09 17:11:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/11 07:53:23 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/10/09 17:11:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/11 07:53:23 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 11:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 03:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 03:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/10/09 17:11:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/11 07:53:23 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/10/09 17:11:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/11 07:53:23 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 13:43:30 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2002/08/28 23:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/28 23:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=D4A95B7D2A70B9BC038FDE4954CEA76E -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 03:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 03:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 00:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 03:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[52 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2003/09/03 12:51:00 | 00,000,000 | ---D | M] -- C:\Program Files\3ivx
[2010/01/14 13:01:36 | 00,000,000 | ---D | M] -- C:\Program Files\a-squared Free
[2008/11/10 14:49:23 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/24 13:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/06/30 17:43:55 | 00,000,000 | ---D | M] -- C:\Program Files\Alarm
[2005/06/01 14:32:44 | 00,000,000 | ---D | M] -- C:\Program Files\ANI
[2009/02/13 11:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\AoA DVD Creator
[2004/09/29 12:55:41 | 00,000,000 | ---D | M] -- C:\Program Files\AOD
[2005/05/01 21:18:38 | 00,000,000 | ---D | M] -- C:\Program Files\aolx
[2008/11/22 12:18:42 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/21 00:28:25 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/01/09 17:41:00 | 00,000,000 | ---D | M] -- C:\Program Files\AWS
[2009/10/06 21:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2007/09/06 20:04:38 | 00,000,000 | ---D | M] -- C:\Program Files\BitZip
[2009/03/17 22:19:09 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/01/03 20:50:41 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/10/11 11:39:51 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/08/19 22:36:28 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2003/08/19 22:44:38 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/12/03 15:00:55 | 00,000,000 | ---D | M] -- C:\Program Files\Corel
[2003/08/19 23:01:51 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/11 11:45:00 | 00,000,000 | ---D | M] -- C:\Program Files\D-Link
[2009/10/11 11:33:32 | 00,000,000 | ---D | M] -- C:\Program Files\D-Link AirPlus G
[2003/08/19 23:00:30 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2003/08/19 23:01:37 | 00,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2005/06/01 15:38:31 | 00,000,000 | ---D | M] -- C:\Program Files\DIGStream
[2007/10/04 12:58:19 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2009/10/03 23:04:23 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/14 15:21:11 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/01/13 22:19:54 | 00,000,000 | ---D | M] -- C:\Program Files\flytunes
[2008/01/29 16:59:32 | 00,000,000 | ---D | M] -- C:\Program Files\Global DiVX Player
[2008/09/24 13:45:37 | 00,000,000 | ---D | M] -- C:\Program Files\gs
[2009/03/06 16:19:18 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/03/06 16:31:08 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/10/11 11:44:59 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/08/19 23:00:18 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/01/14 16:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/03 00:17:13 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/11/03 00:18:18 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/09/27 12:45:05 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/08 22:46:58 | 00,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2010/01/08 23:26:06 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2003/11/02 20:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/01/13 11:07:41 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/11 08:18:55 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/09/04 20:18:02 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/09/04 20:18:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/12 11:59:43 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2003/09/04 20:22:45 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/08 23:39:25 | 00,000,000 | ---D | M] -- C:\Program Files\MioNet
[2003/08/19 23:01:44 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2008/09/11 08:09:11 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/15 11:07:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/08 01:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2003/08/19 22:36:28 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/08 01:00:40 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/10/03 19:08:28 | 00,000,000 | ---D | M] -- C:\Program Files\Native Instruments
[2008/09/11 08:03:57 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2003/08/19 23:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2007/10/03 19:49:41 | 00,000,000 | ---D | M] -- C:\Program Files\Neuratron PhotoScore Lite
[2003/08/19 22:36:28 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 01:04:53 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/03/21 09:27:28 | 00,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2008/11/04 12:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2007/09/03 20:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2004/03/14 12:15:19 | 00,000,000 | ---D | M] -- C:\Program Files\Plus!
[2009/09/21 23:27:51 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/11 11:39:21 | 00,000,000 | ---D | M] -- C:\Program Files\real
[2009/08/08 01:27:23 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2003/08/19 23:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
[2007/10/03 19:26:09 | 00,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2007/05/22 17:16:00 | 00,000,000 | ---D | M] -- C:\Program Files\Skype
[2008/12/03 15:28:20 | 00,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2004/03/14 12:49:47 | 00,000,000 | ---D | M] -- C:\Program Files\Stardock
[2005/01/20 13:57:00 | 00,000,000 | ---D | M] -- C:\Program Files\Sunhawk
[2010/01/15 00:54:13 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2006/07/21 23:10:22 | 00,000,000 | ---D | M] -- C:\Program Files\support.com
[2004/04/06 14:47:01 | 00,000,000 | ---D | M] -- C:\Program Files\TGTSoft
[2010/01/08 23:25:17 | 00,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2004/08/26 19:54:41 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/09/09 19:05:20 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/01/10 12:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/08/25 14:53:42 | 00,000,000 | ---D | M] -- C:\Program Files\WD
[2009/08/25 14:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2007/09/26 19:28:39 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2004/08/26 10:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/12/03 15:04:49 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2006/11/05 23:09:00 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/11 08:03:51 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/11 08:03:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/29 15:02:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/08/27 10:37:47 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/07/14 05:15:11 | 00,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2004/08/26 15:10:55 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2003/08/19 22:36:30 | 00,000,000 | ---D | M] -- C:\Program Files\XEROX

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-12 22:58:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7833B2E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4
< End of report >

OTL Extras logfile created on: 1/15/2010 11:11:30 AM - Run 1
OTL by OldTimer - Version 3.1.25.0 Folder = C:\Documents and Settings\Jacko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 39.52 Gb Free Space | 53.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 282.41 Gb Free Space | 60.65% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKO
Current User Name: Jacko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\WINDOWS\SYSTEM32\procmsg.exe" = C:\WINDOWS\SYSTEM32\procmsg.exe:*:Disabled:procmsg -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa -- File not found
"C:\WINDOWS\SYSTEM32\MediaPIayer.exe" = C:\WINDOWS\SYSTEM32\MediaPIayer.exe:*:Disabled:MediaPIayer -- File not found
"C:\WINDOWS\system32\dcwiaaaa.exe" = C:\WINDOWS\system32\dcwiaaaa.exe:*:Enabled:.NET Runtime Optimization Service v1.000.3.1434 -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Disabled:MioNet -- (Sun Microsystems, Inc.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Disabled:MioNetManager -- ()
"C:\WINDOWS\LMI17.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI17.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C50A915-DD33-4802-B83B-9EA997D3337B}" = Intel ® Pro Alerting Agent
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{457B00DC-314C-48E8-870E-BE04B2DCC1E9}" = Dolet Light for Finale
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = MioNet
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}" = D-Link AirPlus G Wireless LAN Adapter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3ivx D4 4.0.4" = 3ivx D4 4.0.4 (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Alarm_is1" = Alarm 2.0.4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"DesktopX" = DesktopX
"DivX Player" = DivX Player
"DivX Pro Codec Adware" = DivX Pro Codec Adware
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IconPackager" = IconPackager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}" = iTunes
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectDock" = ObjectDock
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"Skype_is1" = Skype 3.2
"SmartStartup" = SmartStartup
"Solero Music Viewer_is1" = Solero Music Viewer
"StyleXP" = StyleXP (remove only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HDtracks Download Manager" = HDtracks Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2010 6:48:16 PM | Computer Name = JACKO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001a9a.

Error - 1/14/2010 6:48:52 PM | Computer Name = JACKO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/14/2010 7:28:07 PM | Computer Name = JACKO | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/14/2010 8:28:03 PM | Computer Name = JACKO | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/15/2010 6:21:25 AM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application flytunes.exe, version 1.43.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 6:21:26 AM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application flytunes.exe, version 1.43.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 6:21:26 AM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application flytunes.exe, version 1.43.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 1:28:10 PM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.25.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 2:06:37 PM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.25.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 2:10:10 PM | Computer Name = JACKO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.25.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/13/2010 4:37:37 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:37 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:37 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:39 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:41 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:41 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:41 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:37:41 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:38:26 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/13/2010 4:38:27 AM | Computer Name = JACKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}


< End of report >

#5
Rorschach112
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Windows Generic Proc] File not found
    O4 - HKCU..\Run: [Windows Generic Proc] File not found
    O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
    O4 - HKLM..\RunServices: [Windows Generic Proc] File not found
    O4 - HKCU..\RunServices: [Windows Generic Proc] File not found
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
    O21 - SSODL: Internet Player - {5FBA5DFD-26B7-4F56-A9FB-62B44E8AC81D} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
    O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2009/05/19 02:12:38 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
    O33 - MountPoints2\{44133932-8913-11de-bb8d-000bdb78146d}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 00,319,488 | ---- | M] (Western Digital Corporation)
    O33 - MountPoints2\{f31f3d93-6e61-11de-bb88-00119592ac86}\Shell\AutoRun\command - "" = WDSetup.exe
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 00,319,488 | ---- | M] (Western Digital Corporation)
    MsConfig - StartUpReg: settdebugx.exe - hkey= - key= - C:\DOCUME~1\Jacko\LOCALS~1\Temp\settdebugx.exe File not found
    [2004/09/08 11:35:59 | 00,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#6
mjacko
I'm having trouble completing the scan. I open GMER in regular mode and the computer freezes. I've tried it at least 5 times with the same result each time. I can run the scan in safe mode but can't adjust the window size. When the scan finishes I can't click the "Save" button. It's below the scope of the window, which I can't shift one way or another. I tried selecting "Scan" and using the tab key to select "Save," but the cursor just goes straight to "OK" and "Cancel."

#7
Rorschach112
ok do this

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#8
mjacko
ComboFix 10-01-16.01 - Jacko 01/16/2010 12:45:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -7:00]
Running from: c:\documents and settings\Jacko\Desktop\ComboFix.exe.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\drivers\H8SRTasbobhhdaq.sys
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\H8SRTcpfexyhxmr.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmniiqawugv.dat
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTufjwbeexmp.dll
c:\windows\system32\H8SRTvfwospibmq.log
c:\windows\system32\H8SRTwmqrlecljs.dll
c:\windows\system32\H8SRTyslqrtqfqg.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\reboot.txt
c:\windows\system32\srcr.dat
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_NDISRD
-------\Legacy_NPF
-------\Service_NDISRD
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-15 21:28 . 2010-01-15 21:28 -------- d-----w- C:\_OTL
2010-01-15 00:09 . 2010-01-15 00:09 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\ESET
2010-01-14 23:18 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-14 23:18 . 2009-10-29 07:46 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-01-14 22:21 . 2010-01-14 22:21 -------- d-----w- c:\program files\ESET
2010-01-14 22:21 . 2010-01-14 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\Symantec
2010-01-13 18:07 . 2010-01-13 18:07 -------- d-----w- c:\documents and settings\Jacko\Application Data\Malwarebytes
2010-01-13 17:31 . 2010-01-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-13 07:56 . 2010-01-14 05:19 -------- d-----w- c:\program files\flytunes
2010-01-13 07:40 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 07:40 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 07:39 . 2010-01-15 07:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-13 07:39 . 2010-01-13 07:39 -------- d-----w- c:\documents and settings\Jacko\Application Data\SUPERAntiSpyware.com
2010-01-13 07:01 . 2010-01-13 07:40 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\Tific
2010-01-13 07:00 . 2010-01-13 07:00 -------- d-----w- c:\documents and settings\Jacko\Application Data\Tific
2010-01-13 06:45 . 2010-01-13 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-13 06:25 . 2010-01-13 06:25 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\ICS
2010-01-13 02:45 . 2010-01-14 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-12 20:00 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 17:22 . 2010-01-09 17:23 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\Move Networks
2010-01-09 15:43 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-09 06:29 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-09 06:25 . 2010-01-09 06:25 -------- d-----w- c:\program files\TrendMicro
2010-01-09 01:49 . 2009-09-07 20:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2010-01-09 01:49 . 2009-08-05 21:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-01-09 01:44 . 2010-01-14 20:01 -------- d-----w- c:\program files\a-squared Free
2010-01-09 01:42 . 2010-01-13 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 01:42 . 2010-01-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 05:42 . 2010-01-09 06:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 05:03 . 2010-01-04 05:03 -------- d-----w- c:\documents and settings\Jacko\Application Data\AVG8
2010-01-04 04:00 . 2010-01-09 02:10 -------- d-----w- c:\documents and settings\Jacko\Local Settings\Application Data\ecjrxn
2010-01-04 03:50 . 2010-01-04 03:50 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 19:18 . 2009-08-25 21:56 -------- d-----w- c:\program files\MioNet
2010-01-14 22:08 . 2003-08-30 01:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-14 16:26 . 2003-09-23 01:14 54208 ----a-w- c:\documents and settings\Jacko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 19:48 . 2009-07-07 19:04 -------- d-----w- c:\documents and settings\Jacko\Application Data\HPAppData
2010-01-13 07:39 . 2003-09-04 03:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 02:30 . 2003-08-30 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-10 00:41 . 2004-08-26 19:50 -------- d-----w- c:\program files\AWS
2010-01-09 17:22 . 2007-11-05 06:51 -------- d-----w- c:\documents and settings\Jacko\Application Data\Move Networks
2010-01-09 06:26 . 2003-12-02 21:05 -------- d-----w- c:\program files\Lavasoft
2010-01-04 06:00 . 2004-04-05 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-12-28 14:43 . 2010-01-13 07:40 22722973 ----a-w- c:\program files\PROCESSLIST.DB
2009-12-28 14:43 . 2010-01-13 07:40 1280973 ----a-w- c:\program files\PROCESSLISTRELATED.DB
2009-11-24 08:52 . 2009-11-18 18:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2009-11-20 14:45 . 2009-11-20 14:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Update
2009-11-20 14:45 . 2009-11-20 14:45 79109 ----a-w- C:\xrvho.exe
2009-11-18 09:52 . 2007-09-07 02:18 -------- d-----w- c:\documents and settings\Jacko\Application Data\BitTorrent
2009-11-16 16:06 . 2009-11-16 16:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 16:03 . 2009-11-16 16:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 15:56 . 2009-11-16 15:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-10-29 07:46 . 2004-02-06 22:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-06-13 19:07 . 2007-06-13 19:07 6276080 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2004-04-05 1060864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2004-08-18 1249280]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-11 198160]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2009-10-11 32768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

c:\documents and settings\Jacko\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2004-3-14 1069056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2009-10-11 294912]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-8-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 14:25 139264 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacko^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\Jacko\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\windows\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-31 19:22 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2009-09-29 18:59 653104 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2009-10-11 18:13 32768 ----a-w- c:\program files\MioNet\MioNetLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-06-15 23:15 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-04-11 23:15 24184360 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-08-05 23:06 1830128 ----a-w- c:\program files\SUPERAntiSpyware\8502d524-b674-4e90-9632-1ebbca423e91.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-11 18:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]
2008-11-07 19:20 197856 ----a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:*:Disabled:MioNet Storage Device Discovery

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/8/2010 11:29 PM 64288]
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\SYSTEM32\DRIVERS\epfwtdir.sys [11/16/2009 9:06 AM 96408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [1/8/2010 6:49 PM 93872]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [1/8/2010 6:44 PM 1858144]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/10/2003 2:52 AM 114688]
R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 2:31 AM 36064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 12:52 PM 139264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 12:19 PM 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 1:22 PM 102400]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [8/11/2004 11:27 AM 547744]
S2 .NET Runtime Optimization Service v1.000.3.1434;.NET Runtime Optimization Service v1.000.3.1434;c:\windows\system32\dcwiaaaa.exe --> c:\windows\system32\dcwiaaaa.exe [?]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\SYSTEM32\DRIVERS\a302.sys [12/31/1979 10:00 PM 11319]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:28]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:28]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:28]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:28]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 06:28]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005Core.job
- c:\documents and settings\Jacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-07-12 00:18]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1054972002-3138208589-949334985-1005UA.job
- c:\documents and settings\Jacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-07-12 00:18]

2010-01-15 c:\windows\Tasks\Updater.job
- c:\windows\system32\config\systemprofile\Application Data\Update\seupd.exe [2009-11-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.planolibrary.org/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &Search - http://ka.bar.need2f...earch.html?p=KA
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} - hxxp://webpdp.gator.com/v3/download/pdpplugin5093_hd3ptdmgainads.cab
DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} - hxxp://c03.tellmemorecampus.com/bin/tol7inst.cab
FF - ProfilePath - c:\documents and settings\Jacko\Application Data\Mozilla\Firefox\Profiles\p7chziqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - prefs.js: keyword.URL - hxxp://search.liveinfopro.com/?s=
FF - plugin: c:\documents and settings\Jacko\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Jacko\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\Jacko\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.liveinfopro.com/?s=.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D6B9BF08-887E-4DCD-94E3-09F8724BE5C2} - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Desktop Architect - c:\program files\Desktop Architect\datray.exe
MSConfigStartUp-DIGStream - c:\program files\DIGStream\digstream.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-Windows Media Player - MediaPIayer.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 13:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1054972002-3138208589-949334985-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1054972002-3138208589-949334985-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-16 13:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 20:15

Pre-Run: 42,682,773,504 bytes free
Post-Run: 42,646,978,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 20FD5F38D0B8FEB830530DCA5EBCC126

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    .NET Runtime Optimization Service v1.000.3.1434
    
    :Reg
    
    :Files
    C:\xrvho.exe
    c:\windows\system32\dcwiaaaa.exe 
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#10
mjacko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service .NET Runtime Optimization Service v1.000.3.1434 stopped successfully!
Service .NET Runtime Optimization Service v1.000.3.1434 deleted successfully!
========== REGISTRY ==========
========== FILES ==========
C:\xrvho.exe moved successfully.
File/Folder c:\windows\system32\dcwiaaaa.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jacko
->Temp folder emptied: 841680 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63029745 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33012 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 330885 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 788120 bytes

Total Files Cleaned = 62.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01172010_085042

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/17/2010 9:15:51 AM
mbam-log-2010-01-17 (09-15-51).txt

Scan type: Quick Scan
Objects scanned: 118363
Time elapsed: 15 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 17, 2010 16:47:11
Records in database: 3324765
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 83465
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:39:22


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\H8SRTufjwbeexmp.dll.vir Infected: Trojan.Win32.Tdss.avig 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\H8SRTwmqrlecljs.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP0\A0000003.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP0\A0000006.dll Infected: Trojan.Win32.Tdss.avig 1

Selected area has been scanned.

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#12
mjacko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 1/18/2010 10:10:09 AM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Jacko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 38.27 Gb Free Space | 51.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKO
Current User Name: Jacko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/18 10:05:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
PRC - [2010/01/17 09:21:49 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/17 09:21:49 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/15 10:31:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 11:39:19 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/12/12 08:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 12:20:40 | 00,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/07/24 13:22:50 | 00,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 13:22:12 | 00,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/06/09 08:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 09:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/04 14:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/20 06:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 06:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/04/05 14:18:58 | 00,307,200 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2003/11/18 01:46:34 | 01,069,056 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2003/11/13 13:51:56 | 00,253,952 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
PRC - [2003/02/10 02:52:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2002/08/14 16:22:52 | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/04 10:56:10 | 00,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [1999/03/17 14:38:10 | 08,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/18 10:05:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
MOD - [2003/08/11 16:45:32 | 00,049,152 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2010/01/17 09:21:49 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/08 23:27:53 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/06/05 08:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 08:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 12:20:40 | 00,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/09/17 12:52:00 | 00,139,264 | R--- | M] () [Auto | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2008/07/24 13:22:50 | 00,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/07/18 10:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 10:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/09 08:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/01/31 20:46:09 | 01,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/06 19:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 19:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/04/03 22:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/05 14:18:58 | 00,307,200 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2003/11/02 20:33:06 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2003/03/03 11:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/10 02:52:30 | 00,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 10:56:10 | 00,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.planolibrary.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://gmail.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.livein...nfopro.com/?s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.livein...nfopro.com/?s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 10:31:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 09:22:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/14 15:21:12 | 00,000,000 | ---D | M]

[2008/09/01 14:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Extensions
[2010/01/13 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Firefox\Profiles\p7chziqk.default\extensions
[2008/02/18 08:25:40 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Jacko\Application Data\Mozilla\Firefox\Profiles\p7chziqk.default\searchplugins\aolsearch.xml
[2010/01/17 09:22:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 22:04:25 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/13 12:07:46 | 06,276,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009/11/18 07:03:18 | 00,002,033 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/01/17 08:50:47 | 00,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - No CLSID value found.
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D6B9BF08-887E-4DCD-94E3-09F8724BE5C2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F50CE767-AE72-45EB-AECD-E8786C240373} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Jacko\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1408.g.akama...iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} http://www.surfsecre...PEInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B5234F42-BD65-4567-BC32-5A6AEA0DB1C3} http://webpdp.gator....ptdmgainads.cab (Reg Error: Key error.)
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} http://c03.tellmemor...in/tol7inst.cab (InstallerCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Jacko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/18 10:05:21 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
[2010/01/17 08:50:42 | 00,000,000 | ---D | C] -- C:\_OTM
[2010/01/16 12:58:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/16 12:55:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/16 12:32:58 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/16 12:30:46 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/16 12:30:46 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/16 12:30:46 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/16 12:30:46 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/16 12:30:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/16 12:29:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/15 14:28:59 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/14 17:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\ESET
[2010/01/14 15:21:11 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/14 15:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/14 09:19:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Symantec
[2010/01/13 23:17:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jacko\Recent
[2010/01/13 11:07:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\Malwarebytes
[2010/01/13 10:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/13 00:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\flytunes
[2010/01/13 00:40:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/13 00:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/13 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\SUPERAntiSpyware.com
[2010/01/13 00:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/13 00:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Tific
[2010/01/13 00:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Application Data\Tific
[2010/01/12 23:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/12 23:25:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\ICS
[2010/01/12 19:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/01/09 10:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\Local Settings\Application Data\Move Networks
[2010/01/08 23:29:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/08 23:25:17 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/08 18:49:30 | 00,093,872 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/01/08 18:49:30 | 00,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/01/08 18:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/08 18:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jacko\My Documents\a-squared Free
[2010/01/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/03 22:12:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/03 22:12:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/25 14:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/08/01 00:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/10/29 08:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/08 16:18:48 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2006/12/13 23:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/08/02 21:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/10/09 17:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Jacko\Desktop\*.tmp files -> C:\Documents and Settings\Jacko\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/18 10:05:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacko\Desktop\OTL.exe
[2010/01/18 09:45:00 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/01/18 05:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/18 01:45:16 | 00,207,360 | ---- | M] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 23:57:27 | 00,121,344 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Calendar of Chores.doc
[2010/01/17 23:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/17 22:32:14 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jacko\Desktop\~$lendar of Chores.doc
[2010/01/17 17:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/17 11:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/17 09:01:19 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/17 09:01:16 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F61C4F0B-523E-4D3C-AC5C-04B010DACD99}
[2010/01/17 08:58:59 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/17 08:58:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 08:58:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/17 08:58:52 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 08:58:00 | 10,223,616 | -H-- | M] () -- C:\Documents and Settings\Jacko\NTUSER.DAT
[2010/01/17 08:58:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jacko\NTUSER.INI
[2010/01/17 08:50:47 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/01/16 12:58:38 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/16 12:33:10 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/01/14 16:30:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 09:26:47 | 00,054,208 | ---- | M] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/14 09:06:49 | 00,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 01:08:01 | 00,509,996 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/13 01:08:01 | 00,433,698 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/13 01:08:01 | 00,067,984 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/01/13 00:23:22 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/12 19:11:02 | 00,764,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/11 23:44:43 | 00,007,800 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Resume with References.pdf
[2010/01/11 23:14:14 | 00,005,296 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Cover Letter.pdf
[2010/01/11 23:13:40 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Jacko\Desktop\Castleton 2010 cover letter.doc
[2010/01/09 10:20:20 | 00,000,711 | ---- | M] () -- C:\WINDOWS\WIN.INI
[1 C:\Documents and Settings\Jacko\Desktop\*.tmp files -> C:\Documents and Settings\Jacko\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 22:32:14 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jacko\Desktop\~$lendar of Chores.doc
[2010/01/16 12:33:10 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/16 12:33:06 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/16 12:30:46 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/16 12:30:46 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/16 12:30:46 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/16 12:30:46 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/16 12:30:46 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/16 11:56:00 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/14 17:31:32 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 17:31:31 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/14 17:31:30 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/14 16:29:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 00:40:30 | 22,722,973 | ---- | C] () -- C:\Program Files\PROCESSLIST.DB
[2010/01/13 00:40:30 | 01,280,973 | ---- | C] () -- C:\Program Files\PROCESSLISTRELATED.DB
[2010/01/12 19:04:08 | 00,764,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/12 16:33:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/11 23:44:32 | 00,007,800 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Resume with References.pdf
[2010/01/11 23:14:10 | 00,005,296 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Michael A. Jacko - Cover Letter.pdf
[2010/01/11 23:13:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Castleton 2010 cover letter.doc
[2010/01/10 11:37:14 | 00,121,344 | ---- | C] () -- C:\Documents and Settings\Jacko\Desktop\Calendar of Chores.doc
[2010/01/09 08:43:01 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/08 23:30:20 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/01 20:10:28 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/02/16 09:32:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/12/03 15:27:10 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/03 15:27:10 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/03 15:27:10 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/03 15:27:10 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/03 15:27:10 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/03 15:27:10 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/04 12:43:06 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/09/24 13:59:24 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/09/24 13:46:38 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/03 14:34:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/02/29 00:21:22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2007/11/18 22:31:23 | 00,000,188 | ---- | C] () -- C:\WINDOWS\Vstudio.INI
[2007/11/18 22:22:41 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2007/10/10 04:20:08 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/04 12:45:44 | 00,001,173 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/10/04 12:45:44 | 00,000,040 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2007/09/03 20:43:23 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/05/08 16:18:48 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2006/06/04 11:32:52 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/26 22:56:41 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/21 18:38:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/07 17:52:43 | 00,000,045 | ---- | C] () -- C:\WINDOWS\JBDEMKKJ.ini
[2004/09/07 17:51:39 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/02 17:17:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/06 12:26:26 | 00,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2003/09/29 17:15:04 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2003/09/29 14:07:07 | 00,000,147 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/04 20:25:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/02 19:48:08 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/30 07:25:23 | 00,207,360 | ---- | C] () -- C:\Documents and Settings\Jacko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/08/20 07:00:35 | 00,015,231 | ---- | C] () -- C:\WINDOWS\System32\vkmleaaa.dll
[2003/08/19 23:03:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 22:58:21 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 22:46:29 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/19 22:37:54 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/04/16 08:40:12 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/04/16 08:39:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2003/03/09 13:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/12/18 02:31:54 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/12/18 02:31:36 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/08/29 03:00:00 | 00,113,909 | ---- | C] () -- C:\WINDOWS\System32\uregfapi.dll
[2001/08/23 12:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/22 03:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 21:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1995/10/21 07:37:52 | 00,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[1979/12/31 22:00:00 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2008/11/24 13:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/03 23:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/01/14 15:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/12/03 15:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2005/07/20 22:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/28 09:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/09/03 23:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/03 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/11/24 13:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 22:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/21 23:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 23:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/08 23:26:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/09/06 19:34:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\.BitZip
[2007/09/03 20:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\acccore
[2007/10/24 22:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Aim
[2009/11/10 21:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Audacity
[2009/11/18 02:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\BitTorrent
[2003/08/20 07:02:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Explorer
[2003/08/29 19:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Kazaa Lite
[2004/02/15 02:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Leadertech
[2004/04/16 06:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Lycos
[2009/09/07 22:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\MioNet
[2010/01/13 00:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Tific
[2008/12/06 18:45:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Ulead Systems
[2009/02/27 09:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\uTorrent
[2007/02/14 16:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\Viewpoint
[2009/08/25 22:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jacko\Application Data\WD
[2010/01/17 23:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/01/18 05:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/01/17 11:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/01/17 17:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/01/17 08:58:59 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/18 09:45:00 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7833B2E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4
< End of report >
  • 0

#13
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0
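
The hosts-file blocking described in the MVPS Hosts recommendation above, turned into a check (an added example, not part of the original post and not MVPS code): it parses hosts-file text and separates names sent to loopback from names mapped to any other address, which a pure block list never contains. The sample file and the function names are constructed for illustration, and treating 0.0.0.0 as a blocking address alongside 127.0.0.1 is an assumption.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# blocking entries in the style described above
127.0.0.1       localhost
127.0.0.1       ads.example.test    tracker.example.test  # two names on one line
0.0.0.0         banner.example.test
203.0.113.10    update.example.test
not-an-ip       broken.example.test
127.0.0.1
"""


def parse_hosts(text):
    """Yield (lineno, address, names) per entry; address is None if unparsable."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment, including inline comments.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield lineno, addr, fields[1:]


def audit_hosts(text):
    """Classify hosts entries.

    blocked    - names mapped to loopback or 0.0.0.0 (the block-list pattern)
    redirected - (name, address) pairs mapped anywhere else; review these,
                 since a block list has no reason to point a name at a real host
    malformed  - line numbers with a bad address or no hostname
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
        elif addr.is_loopback or addr.is_unspecified:
            # The stock 'localhost' entry is not a blocked site.
            report["blocked"].extend(
                n.lower() for n in names if n.lower() != "localhost"
            )
        else:
            report["redirected"].extend((n.lower(), str(addr)) for n in names)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for name, addr in result["redirected"]:
        print(f"REVIEW: {name} -> {addr}")
    print(f"{len(result['blocked'])} blocked, malformed lines: {result['malformed']}")
```

On the system in this thread the file to feed in would be C:\WINDOWS\System32\drivers\ETC\Hosts, the path shown in the OTL log.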

#14
mjacko


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I can't thank you enough for helping me with this - it's a great feeling to be rid of these problems.

And wouldn't you know it - all the other problems (DVD burner, iTunes store, etc.) have gone away too.
  • 0

#15
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





