OTL logfile created on: 5/11/2011 3:06:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\John Casella\Desktop\Malware Correction May 2011
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 133.37 Gb Free Space | 89.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.04 Gb Free Space | 81.03% Space Free | Partition Type: FAT32

Computer Name: D5LY2CK1 | User Name: John Casella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Casella\Desktop\Malware Correction May 2011\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
PRC - C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John Casella\Desktop\Malware Correction May 2011\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25437

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 25437
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/02/02 12:37:16 | 000,000,000 | ---D | M]

[2011/02/23 15:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Casella\Application Data\Mozilla\Extensions
[2011/02/23 15:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Casella\Application Data\Mozilla\Firefox\Profiles\in75u71w.default\extensions
[2011/02/23 15:30:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Casella\Application Data\Mozilla\Firefox\Profiles\in75u71w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/26 15:59:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/02/23 15:19:52 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/02/23 13:25:46 | 000,002,213 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 204.152.194.148 google.com
O1 - Hosts: 204.152.194.148 google.com.au
O1 - Hosts: 204.152.194.148 google.be
O1 - Hosts: 204.152.194.148 www.google.be
O1 - Hosts: 204.152.194.148 google.com.br
O1 - Hosts: 204.152.194.148 google.ca
O1 - Hosts: 204.152.194.148 www.google.ca
O1 - Hosts: 204.152.194.148 google.ch
O1 - Hosts: 204.152.194.148 www.google.ch
O1 - Hosts: 204.152.194.148 google.de
O1 - Hosts: 204.152.194.148 www.google.de
O1 - Hosts: 204.152.194.148 google.dk
O1 - Hosts: 204.152.194.148 www.google.dk
O1 - Hosts: 204.152.194.148 google.fr
O1 - Hosts: 204.152.194.148 www.google.fr
O1 - Hosts: 204.152.194.148 google.ie
O1 - Hosts: 204.152.194.148 www.google.ie
O1 - Hosts: 204.152.194.148 google.it
O1 - Hosts: 204.152.194.148 www.google.it
O1 - Hosts: 204.152.194.148 google.co.jp
O1 - Hosts: 204.152.194.148 www.google.co.jp
O1 - Hosts: 204.152.194.148 google.nl
O1 - Hosts: 204.152.194.148 www.google.nl
O1 - Hosts: 21 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110223153900.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250015127132 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B9BE4AC6-505E-480F-BAC1-35512FBA992F} http://24.229.31.33:7000/eDVR.cab (EFOcx Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://padli.webex.com/client/T26L/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John Casella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Casella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4b3d9283-dabd-11df-b74d-0023ae9d1786}\Shell\AutoRun\command - "" = dwm.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 13:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/06 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/06 11:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Casella\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/06 11:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Casella\Desktop\Malware Correction May 2011
[2011/05/05 13:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Casella\Application Data\SUPERAntiSpyware.com
[2011/05/04 11:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/15 07:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

========== Files - Modified Within 30 Days ==========

[2011/05/10 14:31:09 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\John Casella\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/05/06 14:06:14 | 000,466,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/06 14:06:14 | 000,079,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/06 14:02:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 14:01:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 13:26:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/04 15:40:03 | 000,000,474 | RHS- | M] () -- C:\Documents and Settings\John Casella\ntuser.pol
[2011/05/03 06:54:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 08:50:40 | 000,013,704 | -HS- | M] () -- C:\Documents and Settings\John Casella\Local Settings\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/05/02 08:50:40 | 000,013,704 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/04/29 07:37:55 | 000,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/04/20 11:08:22 | 000,394,115 | ---- | M] () -- C:\Documents and Settings\John Casella\Desktop\CDE Logo.jpg
[2011/04/20 10:22:21 | 000,111,416 | ---- | M] () -- C:\Documents and Settings\John Casella\Desktop\PPLlogo4C.jpg
[2011/04/18 08:51:12 | 000,754,052 | ---- | M] () -- C:\Documents and Settings\John Casella\My Documents\LoaderBackup-(2011-04-18).ipd
[2011/04/15 07:52:12 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 07:44:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/05/06 13:26:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/06 13:26:58 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/04 15:40:03 | 000,000,474 | RHS- | C] () -- C:\Documents and Settings\John Casella\ntuser.pol
[2011/05/02 07:46:04 | 000,013,704 | -HS- | C] () -- C:\Documents and Settings\John Casella\Local Settings\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/05/02 07:46:04 | 000,013,704 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/04/20 11:08:22 | 000,394,115 | ---- | C] () -- C:\Documents and Settings\John Casella\Desktop\CDE Logo.jpg
[2011/04/20 10:22:21 | 000,111,416 | ---- | C] () -- C:\Documents and Settings\John Casella\Desktop\PPLlogo4C.jpg
[2011/04/18 08:51:12 | 000,754,052 | ---- | C] () -- C:\Documents and Settings\John Casella\My Documents\LoaderBackup-(2011-04-18).ipd
[2011/03/23 08:09:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/23 15:19:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/16 15:23:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Casella\Local Settings\Application Data\housecall.guid.cache
[2011/02/02 13:47:32 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011/02/02 12:25:05 | 000,176,364 | ---- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/02/02 12:25:05 | 000,001,879 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2010/08/19 15:18:07 | 001,241,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/11 14:23:07 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/10 12:33:00 | 008,206,880 | ---- | C] () -- C:\WINDOWS\SUPERAntiSpyware.exe
[2010/04/12 13:40:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/08/15 08:20:51 | 000,170,217 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/08/13 14:39:44 | 000,137,594 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2009/08/13 14:39:43 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2009/08/13 14:29:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\John Casella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 10:14:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/08 12:21:08 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/08 12:21:08 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/08 12:21:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/07/08 12:20:23 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/08 09:36:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/08 09:31:13 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,466,450 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,079,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 06:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 06:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/02/23 11:19:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\cc7f45
[2010/12/09 10:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/23 11:18:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISKBRE
[2011/01/06 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/01/06 15:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\Blackberry Desktop
[2011/05/06 11:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/23 11:19:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\John Casella\Application Data\Internet Security Essentials
[2011/01/06 15:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\Research In Motion
[2011/03/16 09:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\webex
[2009/07/08 09:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\Windows Desktop Search
[2009/08/04 13:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Casella\Application Data\Windows Search

========== Purity Check ==========

< End of report >