Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Several viruses - Packed.Generic, Bloodhound, etc.

Started by jsaklas , May 27 2009 11:06 PM

  • Please log in to reply

#1
jsaklas
Posted 27 May 2009 - 11:06 PM

jsaklas

    Member

  • Member
  • PipPipPip
  • 333 posts
First, the bad news, I GOT A BLUE SCREEN mad.gif , so I know something was amiss. Because I was in the panic mode, I neglected to write down the message; it was something about checking disc space and said if this was the first time the blue screen appeared, don't worry, just reboot.

I rebooted, and I got the dreaded blue screen again mad.gif . Still in a state of panic, I again forgot to write down what was on the screen.

I started to reboot again, but hit F8 while rebooting and from the several options (Safe Mode, etc.) I chose to reboot with the option that was titled something similar to: Last Configuration That Worked. The machine rebooted. While doing some email work and surfing, Norton Anti-Virus found:

Packed.Generic.225 and Bloodhound.Exploit.196 and Hacktool.Rootkit.


I then did the following:

I ran Norton, AVG 8.5.339 and the most recent Malwarebytes'Anti-Malware. Norton found nothing; AVG found a couple of Spyware. It appears that MBAM found and zapped most of them, especially after rebooting. However, the machine still seems a bit slow, but it may be due to all the anti-virus and anti-spyware I run.



Below is the log from the last run of MBAM, OTListIt2 and Rootkit:


Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/27/2009 9:19:07 PM
mbam-log-2009-05-27 (21-19-07).txt

Scan type: Quick Scan
Objects scanned: 112542
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\system32\msdriver.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdriver (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Downloader) -> Data: c:\windows\system32\msdriver.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\WINDOWS\system32\msdriver.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msdriver.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\new_drv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.




OTListIt Extras logfile created on: 5/28/2009 12:22:55 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\James Saklas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 235.91 Mb Available Physical Memory | 46.12% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.61% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 28.29 Gb Free Space | 37.97% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY-COMPUTER
Current User Name: James Saklas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = jsfile] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Kodak\Kodak EasyShare software\BIN\EasyShare.exe:*:Enabled:EasyShare ()
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1132694188\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1132694188\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Common Files\AOL\1146660718\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1146660718\ee\aim6.exe:*:Enabled:AIM File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Computer, Inc.)
C:\WINDOWS\system32\rdtmTIC\XPNETDIAG.EXE File not found
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA File not found
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent File not found
C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{16f3c478-50ba-4aa7-8a56-df6c01f6bff1}" = DFX 8 for Windows Media Player
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{53F6009E-756A-4D3D-A0D3-B6D4CBEDA819}" = FloorPlan 3D v8
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6200E744-E10A-4F3F-9B41-4115424D6059}" = Driver Detective
"{638FE33C-FD84-4B5F-82CD-C01EF4B335BA}" = TurboCAD Deluxe v9
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{7135DAB0-ACA8-4EFB-B700-FAF66363491A}" = Symbols for FloorPlan v8
"{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{8619D8AC-9B4F-4C42-A71E-F842B8247EE6}" = TurboCAD Symbols
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB4862FB-0396-4E75-A523-850577EBFC73}" = Security Advisor
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D13D318A-43CB-4D0C-9EF6-E1B01FF25279}" = DriverGuide Toolkit
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D25122BC-A60E-4663-B602-B01718F12044}" = US DOT VPN Client
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC18317E-BB91-4502-8909-E5AB70BC1033}" = Nero 7 Essentials
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"afreeCodecVT2" = afreeCodecVT
"ASAP Utilities_is1" = ASAP Utilities
"AVG8Uninstall" = AVG 8.5
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CCleaner" = CCleaner (remove only)
"CD/DVD Data Recovery_is1" = CD/DVD Data Recovery version 1.0
"CleanUp!" = CleanUp!
"Click'N Design 3D" = Click'N Design 3D
"C-Media PCI Sound" = Xtreme Sound PCI
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"DSMT5" = MathType 5
"eDATA Unerase" = eDATA Unerase
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Excel Utilities 1.5" = Excel Utilities 1.5
"Excel VBA Code Cleaner 4.4" = Excel VBA Code Cleaner 4.4
"Excel VBA Code Documentor 4.0" = Excel VBA Code Documentor 4.0
"Family Lawyer 99" = Family Lawyer '99
"FreeZip" = FreeZip
"Gyula's Navigator_is1" = Gyula's Windows Navigator 1.27
"HaxFix_is1" = HaxFix 4.48
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Java Web Start" = Java Web Start
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Ken Ward's Zipper_is1" = Ken Ward's Zipper 1.4000
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MovieJoiner" = Movie Joiner
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.2)" = Netscape (7.2)
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NUCLEUS KERNEL for CD-DVD_is1" = NUCLEUS KERNEL for CD-DVD 1.8
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Panda ActiveScan" = Panda ActiveScan
"PrimoPDF3.1" = PrimoPDF
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"RSX2Uninst" = Intel RSX 3D
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"ST4UNST #1" = Peck's Power Join
"SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005 (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XY Chart Labeler 6.22" = XY Chart Labeler 6.22

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Juniper_Networks_Cache_Cleaner 5.5.0" = Juniper Networks Cache Cleaner 5.5.0
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"MediaJoin" = MediaJoin
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2009 11:40:38 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/31/2009 4:20:33 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/31/2009 4:25:33 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/31/2009 4:30:33 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/25/2009 7:52:55 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/25/2009 7:58:02 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/26/2009 3:11:38 AM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/26/2009 3:16:38 AM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/26/2009 10:57:23 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/26/2009 11:02:23 PM | Computer Name = FAMILY-COMPUTER | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

[ System Events ]
Error - 5/27/2009 7:25:43 PM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/27/2009 7:30:24 PM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 5/27/2009 7:30:24 PM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 1/1/2003 12:09:30 AM | Computer Name = FAMILY-COMPUTER | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80647d4e, parameter3
f8b44828, parameter4 00000000.

Error - 1/1/2003 12:09:51 AM | Computer Name = FAMILY-COMPUTER | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80647d4e, parameter3
f8b44828, parameter4 00000000.

Error - 1/1/2003 12:10:08 AM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 1/1/2003 12:10:08 AM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/27/2009 9:23:47 PM | Computer Name = FAMILY-COMPUTER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/27/2009 9:28:53 PM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 5/27/2009 9:28:53 PM | Computer Name = FAMILY-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep IntelIde


< End of report >




HKLM\SECURITY\Policy\Secrets\SAC* 8/31/2005 12:29 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/31/2005 12:29 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 5/27/2009 10:44 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 5/27/2009 10:44 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\rdtmmctk.exe 11/13/2008 9:52 PM 47 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\rdtmmctk.exe 11/13/2008 9:52 PM 47 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\rdtmmctk.exe 11/13/2008 9:52 PM 47 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\03601642d01 5/27/2009 11:30 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\048456C9d01 5/27/2009 11:27 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\076F485Ad01 5/27/2009 11:26 PM 23.42 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\08601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\09601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0A601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0B601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0C601642d01 5/27/2009 11:30 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0D601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0E601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\0F601642d01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\123399CBd01 5/27/2009 11:30 PM 16.41 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\256452A8d01 5/27/2009 11:30 PM 30.17 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\332CA3D3d01 5/27/2009 11:30 PM 39.16 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\39409DC1d01 5/27/2009 11:30 PM 19.19 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\4C039690d01 5/27/2009 11:21 PM 17.88 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\5221D7D1d01 5/27/2009 11:21 PM 36.36 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\684892F4d01 5/27/2009 11:26 PM 122.64 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\83BC63D1d01 5/27/2009 11:21 PM 17.35 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A285042Fd01 5/27/2009 11:27 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A385042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A485042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A585042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A685042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A785042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A885042Fd01 5/27/2009 11:28 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\A985042Fd01 5/27/2009 11:29 PM 52.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B0030A32d01 5/27/2009 11:26 PM 36.36 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B744001Ad01 5/27/2009 11:24 PM 63.20 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B745001Ad01 5/27/2009 11:24 PM 78.85 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B748001Ad01 5/27/2009 11:23 PM 70.29 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B749001Ad01 5/27/2009 11:23 PM 96.97 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B74D001Ad01 5/27/2009 11:23 PM 49.92 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B74E001Ad01 5/27/2009 11:23 PM 73.32 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B74F001Ad01 5/27/2009 11:23 PM 123.36 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B754001Ad01 5/27/2009 11:25 PM 132.73 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B755001Ad01 5/27/2009 11:25 PM 86.97 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B758001Ad01 5/27/2009 11:24 PM 89.71 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B759001Ad01 5/27/2009 11:24 PM 123.73 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B75A001Ad01 5/27/2009 11:25 PM 142.00 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B75B001Ad01 5/27/2009 11:25 PM 83.18 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B75E001Ad01 5/27/2009 11:24 PM 119.33 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B75F001Ad01 5/27/2009 11:24 PM 69.60 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B764001Ad01 5/27/2009 11:26 PM 97.15 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B765001Ad01 5/27/2009 11:26 PM 66.37 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B768001Ad01 5/27/2009 11:26 PM 73.90 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B769001Ad01 5/27/2009 11:26 PM 75.52 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B76B001Ad01 5/27/2009 11:26 PM 48.12 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B76C001Ad01 5/27/2009 11:25 PM 98.59 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B76D001Ad01 5/27/2009 11:25 PM 126.44 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B76E001Ad01 5/27/2009 11:26 PM 115.49 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B76F001Ad01 5/27/2009 11:26 PM 94.05 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\B77C001Ad01 5/27/2009 11:24 PM 140.85 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\BAC459ADd01 5/27/2009 11:26 PM 58.89 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\C24FD7CDd01 5/27/2009 11:30 PM 33.89 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\E34F0ABBd01 5/27/2009 11:29 PM 27.29 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\E34F0AFBd01 5/27/2009 11:28 PM 22.63 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\E34F0B5Bd01 5/27/2009 11:28 PM 31.02 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\E34F0B9Bd01 5/27/2009 11:28 PM 35.43 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\E34F0BBBd01 5/27/2009 11:28 PM 29.23 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F041Bd01 5/27/2009 11:28 PM 43.44 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F049Bd01 5/27/2009 11:27 PM 48.71 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F04ABd01 5/27/2009 11:27 PM 41.74 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F04BBd01 5/27/2009 11:27 PM 53.77 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F04DBd01 5/27/2009 11:29 PM 55.51 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F04FBd01 5/27/2009 11:28 PM 61.76 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F050Bd01 5/27/2009 11:30 PM 42.79 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F051Bd01 5/27/2009 11:29 PM 53.73 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F058Bd01 5/27/2009 11:29 PM 37.93 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F059Bd01 5/27/2009 11:29 PM 45.45 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F05BBd01 5/27/2009 11:29 PM 65.37 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F05CBd01 5/27/2009 11:29 PM 52.45 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\F71F05DBd01 5/27/2009 11:29 PM 44.89 KB Hidden from Windows API.
C:\Documents and Settings\James Saklas\Local Settings\Application Data\Mozilla\Firefox\Profiles\mxas3z42.default\Cache\FC664FC3d01 5/27/2009 11:21 PM 48.98 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00803442 5/26/2009 1:44 AM 4.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803443.bin 5/25/2009 11:45 PM 288 bytes Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803444 5/26/2009 1:31 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803445 5/26/2009 1:32 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803446 5/26/2009 1:34 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803447 5/26/2009 1:35 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803448 5/26/2009 1:36 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803449 5/26/2009 1:38 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803450 5/14/2009 8:28 AM 1000.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803451 5/26/2009 1:39 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803452 5/26/2009 1:41 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803453 5/26/2009 1:42 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803454 5/26/2009 1:44 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803455 5/26/2009 1:45 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803456 5/26/2009 1:46 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803457 5/26/2009 1:48 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803458 5/26/2009 1:49 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803459 5/26/2009 1:51 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803460 5/26/2009 1:52 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803461 5/26/2009 1:54 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803462 5/26/2009 1:55 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803463 5/26/2009 1:57 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803464 5/26/2009 1:58 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803466 5/26/2009 2:00 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803467 5/13/2009 11:57 PM 1000.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803468 5/26/2009 2:02 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803469 5/26/2009 2:03 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803470 5/26/2009 2:05 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803471 5/26/2009 2:06 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803472 5/26/2009 2:08 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803473 5/26/2009 2:09 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803474 5/26/2009 2:11 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803475 5/26/2009 2:12 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803476 5/26/2009 2:14 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803477 5/26/2009 2:15 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803478 5/26/2009 2:17 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803479 5/26/2009 2:18 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803480 5/26/2009 2:19 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803481 5/26/2009 2:20 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803482 5/26/2009 2:21 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803483 5/26/2009 2:22 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803484 5/26/2009 2:24 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803485 5/26/2009 2:25 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803486 5/26/2009 2:26 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803487 5/26/2009 2:27 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803488 5/26/2009 2:28 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803489 5/26/2009 2:29 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803490 5/26/2009 2:30 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803491 5/26/2009 2:32 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803492 5/26/2009 2:33 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803493 5/26/2009 2:34 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803494 5/26/2009 2:35 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803495 5/26/2009 2:36 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803496 5/26/2009 2:37 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803497 5/26/2009 2:38 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803498 5/26/2009 2:40 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803499.edb 5/26/2009 2:46 AM 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803500 5/26/2009 2:41 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803501 5/26/2009 2:42 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803502 5/26/2009 2:43 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803503 5/26/2009 2:44 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803504 5/26/2009 2:45 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803505 5/26/2009 2:46 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803506 5/26/2009 2:47 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803507 5/26/2009 2:48 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803508 5/26/2009 2:49 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803509 5/26/2009 2:50 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00803510 5/26/2009 2:52 AM 1000.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Recycled\NPROTECT\00805425 5/27/2009 11:05 PM 9.41 MB Hidden from Windows API.
C:\Recycled\NPROTECT\00805428.SQL 5/27/2009 11:12 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805429.SQL 5/27/2009 11:12 PM 164.82 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805432.SQL 5/27/2009 11:20 PM 5.54 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805433.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805434.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805435.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805436.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805437.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805438.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805439.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805440.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805441.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805442.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805443.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805444.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805445.SQL 5/27/2009 11:21 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805446.SQL 5/27/2009 11:22 PM 5.54 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805447.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805448.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805449.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805450.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805451.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805452.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805453.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805454.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805455.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805456.SQL 5/27/2009 11:22 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805457.SQL 5/27/2009 11:23 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805458.SQL 5/27/2009 11:23 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805459.SQL 5/27/2009 11:23 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805460.SQL 5/27/2009 11:23 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805461.SQL 5/27/2009 11:23 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805462.SQL 5/27/2009 11:23 PM 4.53 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805463.SQL 5/27/2009 11:23 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805464.SQL 5/27/2009 11:24 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805465.SQL 5/27/2009 11:24 PM 4.53 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805466.SQL 5/27/2009 11:24 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805467.SQL 5/27/2009 11:25 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805468.SQL 5/27/2009 11:25 PM 4.53 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805469.SQL 5/27/2009 11:25 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805470.SQL 5/27/2009 11:26 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805473.SQL 5/27/2009 11:26 PM 5.54 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805474.SQL 5/27/2009 11:26 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805475.SQL 5/27/2009 11:26 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805476.SQL 5/27/2009 11:27 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805477.SQL 5/27/2009 11:27 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805478.SQL 5/27/2009 11:27 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805479.SQL 5/27/2009 11:28 PM 5.54 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805480.SQL 5/27/2009 11:28 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805481.SQL 5/27/2009 11:28 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805482.SQL 5/27/2009 11:28 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805483.SQL 5/27/2009 11:29 PM 4.53 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805484.SQL 5/27/2009 11:29 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805485.SQL 5/27/2009 11:29 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805486.SQL 5/27/2009 11:29 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805487.SQL 5/27/2009 11:29 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805488.SQL 5/27/2009 11:30 PM 4.53 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805489.SQL 5/27/2009 11:30 PM 3.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805490.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805491.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805492.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805493.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805494.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805495.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805496.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805497.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
C:\Recycled\NPROTECT\00805498.SQL 5/27/2009 11:30 PM 2.52 KB Hidden from Windows API.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP