Can't run either Root Repeal or GMER



#1
bob~c

Hi folks,

Just walked thru the steps of your guide and all's well until trying to run mbam.exe.
Tried renaming--still wouldn't run.

Downloaded GMER.
Followed notes in post above and clicked "Scan". Partway thru I get a BSOD and the computer reboots. Briefly, a file is shown on the BSOD.

Prior to hitting Scan, 2 services show up on the screen in red:
Posted Image
Posted Image

Following steps elsewhere, I right-clicked on both, deleted them, immediately rebooted and tried mbam.exe but just as before, it closes shortly after the scan starts.

I can delete the UAC one shown in GMER but the SKYNET pops back shortly afterwards.

I have also tried Root Repeal but it disappears after it starts scanning for files. It's tough to see but it appears to go as far as the C:/Windows/Minidump folder before closing.

Any thoughts as to what the next step would be??

Thanks for your time!

Cheers,
-bob

Edited by bob~c, 07 September 2009 - 08:06 AM.


#2
bob~c

bump

#3
kahdah

Hello bob~c

Welcome to G2Go. :)
Bumping your topic sets you back further to get answered, as it appears that you have already been helped if your topic has a reply to it already.
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========

#4
bob~c

Thanks for your help Kahdah,

The machine spiraled downward fast and I lost the ability to run most commands and access to the Internet.

I just did a Computer Restore (Vista) via DOS and I'm back up and running. A system restore now seems like an easier way to go rather than fighting the malware.

thanks again for your reply...

Cheers,
-bob

#5
kahdah

There may be items leftover.

Please proceed with the OTL scan and a new GMER scan if you can get it.

#6
bob~c

Thanks! All looks good:

GMER flew through everything with no warnings. And, OTL came back with this output file:

OTL logfile created on: 9/8/2009 5:48:26 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bobc\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.73 Gb Total Space | 157.31 Gb Free Space | 67.59% Space Free | Partition Type: NTFS
Drive D: | 1.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 1395.75 Gb Total Space | 1260.02 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive M: | 1395.75 Gb Total Space | 1260.02 Gb Free Space | 90.28% Space Free | Partition Type: NTFS
Drive S: | 1395.75 Gb Total Space | 1260.02 Gb Free Space | 90.28% Space Free | Partition Type: NTFS

Computer Name: CT-BCH
Current User Name: bobc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Windows\System32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Windows\system\HsMgr.exe ()
PRC - C:\Program Files\Display Fusion-Allows different wallpaper on each monitor\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
PRC - C:\Program Files\Thumbnail Sizer - Allows adjustment of thumbnail size\32bits\AveThumbnailSizer.exe (Andreas Verhoeven)
PRC - C:\Program Files\Switcher - Controls tiling of open windows on desktop\Switcher.exe (Bao_Nguyen)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\User Picture in 3D - rotates user picture in Start menu\3duserpic.exe (Andreas Verhoeven)
PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\KatMouse - Scrolling and seeing the window below the current one\KatMouse.exe ()
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE (CMedia)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Users\bobc\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdminService9.1D [Disabled | Stopped]) -- C:\CCURE800DLC\bin\AdmSrvc.exe ()
SRV - (Ati External Event Utility [On_Demand | Stopped]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Autodesk Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\Windows\System32\hpzipm12.dll (Hewlett-Packard)
SRV - (ProService9.1D [On_Demand | Stopped]) -- C:\CCURE800DLC\bin\ProSrvc.exe (Progress Software)
SRV - (ScsiAccess [On_Demand | Stopped]) -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe ()
SRV - (TabletServiceWacom [Auto | Running]) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (cmudaxp [On_Demand | Running]) -- C:\Windows\System32\drivers\cmudaxp.sys (C-Media Inc)
DRV - (e1express [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HECI [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (scsiscan [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\scsiscan.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Spyder2 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\Spyder2.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wacmoumonitor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\WacomVKHid.sys (Wacom Technology)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://photo.net/http://pandora.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blackboard.unh.edu/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.library.u...p://photo.net/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.7
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.6
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.60
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.1pre
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:2.0.0.38
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 15:21:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/08 16:04:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/08 16:04:13 | 00,000,000 | ---D | M]

[2008/08/31 15:49:42 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Extensions
[2008/08/31 15:49:42 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/08 17:20:49 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions
[2008/09/03 14:31:48 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2008/09/20 10:34:58 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2008/09/20 10:48:55 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/09/20 10:41:31 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2009/09/08 16:09:09 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/08 10:33:52 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/09/20 11:21:46 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2008/09/03 14:33:35 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\mozilla\Firefox\Profiles\zqtcr19b.default\extensions\[email protected]
[2008/08/31 14:21:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/08 10:32:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/08 10:32:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/08 10:32:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/08 10:32:25 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/09/07 19:25:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/09/07 19:25:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/09/07 19:25:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/07 19:25:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/09/07 19:25:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/07 19:25:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/09/07 19:25:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/08 10:32:27 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/08 10:32:27 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/08 10:32:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/08 10:32:27 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/08 10:32:27 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/08 10:32:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/08 10:32:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for IE\fsaddin-0.60.dll ()
O3 - HKLM\..\Toolbar: (QT TabBar) - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (QT Tab Standard Buttons) - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AveThumbnail] C:\Program Files\Thumbnail Sizer - Allows adjustment of thumbnail size\32bits\AveThumbnailSizer.exe (Andreas Verhoeven)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\Display Fusion-Allows different wallpaper on each monitor\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Switcher] C:\Program Files\Switcher - Controls tiling of open windows on desktop\Switcher.exe (Bao_Nguyen)
O4 - Startup: C:\Users\bobc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Autodesk Plotter Manager
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Default Programs
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Folder Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Game Controllers
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = Internet Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = iSCSI Initiator
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Mail
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = Offline Files
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = People Near Me
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Phone and Modem Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = Problem Reports and Solutions
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 14 = ProControl
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 15 = Quicktime
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 16 = Regional and Language Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 17 = SoundMAX AudioESP
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 18 = Sync Center
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 19 = Taskbar and Start Menu
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 20 = Welcome Center
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 21 = Windows Anytime Upgrade
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 22 = Windows Cardspace
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 23 = Windows Sideshow
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.h...osticsVista.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.177.216.53 132.177.102.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.unh.edu
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/07 16:24:02 | 00,000,083 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/08/06 01:23:05 | 00,189,808 | R--- | M] (Adobe Systems Incorporated) - D:\Autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2008/08/06 01:23:05 | 00,189,808 | R--- | M] (Adobe Systems Incorporated) - D:\Autoplay.exe -- [ UDF ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autoplay.exe -- [2008/08/06 01:23:05 | 00,189,808 | R--- | M] (Adobe Systems Incorporated)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\Windows\System32\*.tmp files]
[2009/09/08 17:24:15 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\bobc\Desktop\OTL.exe
[2009/09/08 16:17:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\%%DATA_DIR%%
[2009/09/08 16:03:31 | 00,000,000 | ---D | C] -- C:\temp
[2009/09/08 15:25:43 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/08 15:25:43 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/08 15:25:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/08 15:25:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/08 15:25:43 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/08 15:25:42 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/08 15:25:42 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/08 15:25:42 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/08 15:25:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/08 15:25:41 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/08 15:25:41 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/08 15:25:41 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/08 15:25:41 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/08 15:24:50 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/08 15:24:49 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/08 15:24:49 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/08 15:24:49 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/08 15:24:49 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/08 15:24:49 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/08 15:24:49 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/08 15:24:08 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/08 15:24:08 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/08 15:24:08 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/08 15:24:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/08 15:24:08 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/08 15:24:07 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/08 15:20:52 | 00,000,000 | ---D | C] -- C:\Users\bobc\AppData\Local\Deployment
[2009/09/08 15:19:47 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 14:51:01 | 00,000,000 | ---D | C] -- C:\Users\bobc\AppData\Roaming\ASUS
[2009/09/08 14:51:00 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2009/09/08 14:50:41 | 00,122,880 | R--- | C] (CMedia Electronics Inc.) -- C:\Windows\System32\Cm_Oal.dll
[2009/09/08 14:50:40 | 00,204,800 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv2.dll
[2009/09/08 14:50:40 | 00,204,800 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv.dll
[2009/09/08 14:50:40 | 00,200,704 | R--- | C] () -- C:\Windows\System\HsMgr.exe
[2009/09/08 14:50:37 | 07,680,000 | R--- | C] (C-Media Corporation) -- C:\Windows\System\CmiCnfgP.cpl
[2009/09/08 14:50:35 | 00,139,264 | R--- | C] () -- C:\Windows\System\VmixP8.dll
[2009/09/08 14:50:35 | 00,043,520 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System32\cmasiop.dll
[2009/09/08 14:50:34 | 00,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System32\Audio3Dp.dll
[2009/09/08 14:50:34 | 00,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System32\a3d.dll
[2009/09/08 14:50:32 | 00,040,358 | R--- | C] () -- C:\Windows\Xonar D1 Audio.ico
[2009/09/08 14:50:32 | 00,000,000 | ---D | C] -- C:\MediaCenterAudio
[2009/09/08 14:50:22 | 00,499,712 | R--- | C] () -- C:\Windows\System32\Cmeauoxy.exe
[2009/09/08 14:50:22 | 00,043,126 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009/09/08 14:50:22 | 00,000,118 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2009/09/08 14:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar D1 Audio
[2009/09/08 14:50:01 | 02,021,760 | ---- | C] (C-Media Inc) -- C:\Windows\System32\drivers\cmudaxp.sys
[2009/09/08 14:50:01 | 00,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2009/09/08 14:50:01 | 00,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System32\cmudaxp.dll
[2009/09/08 14:49:54 | 00,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/09/08 14:49:54 | 00,007,214 | R--- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2009/09/08 14:49:54 | 00,000,862 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2009/09/08 14:49:54 | 00,000,801 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2009/09/08 14:49:46 | 00,319,968 | R--- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2009/09/08 14:49:45 | 00,000,567 | R--- | C] () -- C:\Windows\cmudaxp.ini
[2009/09/08 14:21:36 | 00,000,000 | ---D | C] -- C:\Users\bobc\AppData\Roaming\DisplayFusion
[2009/09/08 13:39:43 | 00,000,000 | -HSD | C] -- C:\ProgramData\System Restore
[2009/09/08 13:39:43 | 00,000,000 | ---D | C] -- C:\Users\bobc\AppData\Roaming\FireShot
[2009/09/08 12:22:58 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily).job
[2009/09/08 12:17:38 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/08 12:17:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/09/08 12:17:05 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/08 12:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/08 10:40:18 | 00,000,000 | ---D | C] -- C:\Users\bobc\AppData\Roaming\Malwarebytes
[2009/09/08 10:40:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/07 19:25:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/09/07 19:21:37 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/09/07 19:21:37 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/09/07 19:21:37 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/09/07 19:20:50 | 02,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/09/07 19:20:06 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/09/07 19:20:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/09/07 19:20:06 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/09/07 19:20:06 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/09/07 19:20:06 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/09/07 19:20:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/09/07 19:18:56 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/09/07 19:18:12 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/09/07 19:17:30 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/09/07 19:15:59 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/09/07 19:15:18 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/09/07 19:15:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/09/07 19:14:36 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/09/07 19:13:48 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/09/07 19:13:48 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/09/07 19:13:48 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/09/07 19:13:00 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/09/07 19:13:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/09/07 19:12:15 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/09/07 19:11:09 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/09/07 19:10:19 | 00,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/09/07 19:09:38 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/09/07 19:09:38 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/09/07 19:09:38 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/09/07 19:09:38 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/09/07 19:09:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/09/07 19:09:38 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/09/07 19:08:58 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/09/07 19:08:13 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/07 19:08:13 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/07 19:08:13 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/07 19:08:13 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/07 19:08:13 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/07 19:08:13 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/07 19:08:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/07 19:08:12 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/07 19:06:26 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/09/07 19:06:25 | 03,503,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/09/07 19:06:25 | 03,469,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/09/07 19:06:25 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/09/07 19:06:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/09/07 19:06:23 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/09/07 19:06:23 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/09/07 19:06:23 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/09/07 19:06:23 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/09/07 19:05:34 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/09/07 19:05:33 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/09/07 19:05:33 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/09/07 19:04:49 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/09/07 19:04:49 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/09/07 19:04:49 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/09/07 19:03:43 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/09/07 19:03:43 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/09/07 19:03:42 | 02,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/09/07 19:03:42 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/09/07 19:03:42 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/09/07 19:03:42 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/09/07 19:03:42 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/09/07 19:03:41 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/09/07 19:03:41 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/09/07 19:03:41 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/09/07 19:03:41 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/09/07 19:03:40 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/09/07 19:03:40 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/09/07 19:03:39 | 06,067,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/09/07 19:03:38 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/09/07 19:03:38 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/09/07 19:03:38 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/09/07 19:03:38 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/09/07 19:03:37 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/09/07 19:03:37 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/09/07 19:03:36 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/09/07 19:03:36 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/09/07 19:03:36 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/09/07 19:03:35 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/09/07 19:03:34 | 01,159,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/09/07 19:03:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/09/07 19:03:34 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/09/07 19:03:33 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/09/07 19:03:33 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/09/07 19:03:33 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/09/07 19:03:33 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/09/07 19:02:23 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/09/07 19:02:23 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/09/07 19:01:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/09/07 19:01:31 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/09/07 19:01:30 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/09/07 19:01:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/09/07 19:01:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/09/07 19:01:28 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/09/07 19:01:28 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/09/07 19:01:27 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/09/07 19:00:26 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/07 18:56:19 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/09/07 18:56:19 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/09/07 18:56:19 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/09/07 18:56:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/09/07 18:56:13 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/09/07 18:56:11 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/09/07 18:56:11 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/09/07 18:56:11 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/09/07 18:35:34 | 31,391,744 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/09/07 18:35:34 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/09/07 18:35:34 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/09/07 18:33:36 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/09/07 18:33:36 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/09/07 18:33:34 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/09/07 18:33:34 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/09/07 18:33:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/09/07 18:12:42 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/07 18:12:42 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/07 18:12:42 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/07 18:11:40 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/09/07 18:11:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/09/07 18:10:14 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/09/07 18:09:55 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/09/07 18:08:46 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/09/07 18:08:45 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/09/07 16:59:38 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/09/07 16:59:38 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/09/07 16:59:38 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/09/07 16:59:38 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/09/07 16:58:14 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/09/07 16:58:14 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/09/07 16:58:14 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/09/07 16:57:28 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/09/07 16:57:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/09/20 16:27:51 | 00,044,344 | ---- | C] () -- C:\Windows\System32\drivers\SEQCAL.SYS
[2008/09/20 16:27:51 | 00,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys
[2008/09/20 16:27:41 | 00,045,056 | ---- | C] () -- C:\Windows\System32\Mplps.dll
[2008/09/12 19:08:00 | 00,000,000 | ---- | C] () -- C:\Windows\proctrl.INI
[2008/09/12 19:07:26 | 00,000,000 | ---- | C] () -- C:\Windows\proobjvw.INI
[2008/09/12 19:06:41 | 00,000,077 | ---- | C] () -- C:\Windows\SHED.INI
[2008/09/12 19:03:03 | 00,000,000 | ---- | C] () -- C:\Windows\watcher.INI
[2008/09/12 13:47:24 | 00,024,064 | ---- | C] () -- C:\Windows\System32\V900P6StringParser.dll
[2008/09/12 13:43:17 | 00,000,060 | ---- | C] () -- C:\Windows\vpdreg.ini
[2008/09/12 13:43:17 | 00,000,052 | ---- | C] () -- C:\Windows\idreg.ini
[2008/09/12 13:42:06 | 00,000,204 | ---- | C] () -- C:\Windows\itcsetup.ini
[2008/09/12 13:42:06 | 00,000,204 | ---- | C] () -- C:\Windows\CCUREID.ini
[2008/09/12 13:41:41 | 00,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2008/09/12 13:41:40 | 00,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/09/12 13:41:33 | 00,387,220 | ---- | C] () -- C:\Windows\System32\prosql32.dll
[2008/09/12 13:41:32 | 01,138,688 | ---- | C] () -- C:\Windows\System32\BII_V1100.dll
[2008/09/12 13:41:32 | 00,143,446 | ---- | C] () -- C:\Windows\System32\telenorcom.dll
[2008/09/12 13:41:32 | 00,045,056 | ---- | C] () -- C:\Windows\System32\tjpegcodec.dll
[2008/09/12 13:41:32 | 00,040,960 | ---- | C] () -- C:\Windows\System32\ITCC.dll
[2008/09/12 13:41:31 | 00,450,560 | ---- | C] () -- C:\Windows\System32\bii_dll.dll
[2008/09/12 13:41:31 | 00,024,064 | ---- | C] () -- C:\Windows\System32\StringParser.dll
[2008/09/12 13:41:31 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ImageProc.dll
[2008/09/12 13:41:31 | 00,002,537 | ---- | C] () -- C:\Windows\SigPlus.ini
[2008/09/12 13:40:56 | 00,053,248 | ---- | C] () -- C:\Windows\System32\CCUREIDFPCapture.dll
[2008/09/10 10:03:03 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/10 10:01:30 | 00,000,044 | ---- | C] () -- C:\Windows\PERFV700SERIES.ini
[2008/08/31 15:21:43 | 00,000,173 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/08/30 14:42:31 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/08/30 14:16:29 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/04 12:08:55 | 00,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/02/13 17:16:04 | 00,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder2.sys
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/11 06:43:28 | 00,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005/11/11 06:43:24 | 00,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/09/28 16:06:02 | 00,905,290 | R--- | C] () -- C:\Windows\System32\libmmd.dll
[2005/08/31 04:20:00 | 00,233,557 | ---- | C] () -- C:\Windows\System32\esint54.dll

========== Files - Modified Within 30 Days ==========

[3 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/09/08 17:49:59 | 00,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F39CCF4-1731-4FD9-A1A1-96135D3EAF28}.job
[2009/09/08 17:24:47 | 00,733,440 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/08 17:24:47 | 00,629,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/08 17:24:47 | 00,108,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/08 17:24:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\bobc\Desktop\OTL.exe
[2009/09/08 17:18:53 | 00,000,173 | ---- | M] () -- C:\Windows\hpbafd.ini
[2009/09/08 17:18:45 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 17:18:44 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 17:18:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/08 17:18:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/08 17:18:36 | 34,871,54176 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/08 17:17:41 | 07,540,479 | -H-- | M] () -- C:\Users\bobc\AppData\Local\IconCache.db
[2009/09/08 16:46:57 | 00,000,021 | ---- | M] () -- C:\Windows\vb.ini
[2009/09/08 15:25:43 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/08 15:25:43 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/08 15:25:43 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/08 15:25:43 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/08 15:25:43 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/08 15:25:42 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/08 15:25:42 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/08 15:25:42 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/08 15:25:42 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/08 15:25:41 | 00,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/08 15:25:41 | 00,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/08 15:25:41 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/08 15:25:41 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/08 15:24:50 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/08 15:24:49 | 01,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2009/09/08 15:24:49 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/08 15:24:49 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/08 15:24:49 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/08 15:24:49 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/08 15:24:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/08 15:24:09 | 02,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/08 15:24:08 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/08 15:24:08 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/08 15:24:08 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/08 15:24:08 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/08 15:24:07 | 02,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/08 15:19:48 | 00,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 14:52:43 | 01,780,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/08 14:51:03 | 00,137,024 | ---- | M] () -- C:\Users\bobc\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/08 14:50:59 | 00,043,126 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009/09/08 14:50:34 | 00,000,118 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2009/09/08 14:50:29 | 00,000,862 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2009/09/08 14:50:29 | 00,000,801 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2009/09/08 14:33:05 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily).job
[2009/09/08 14:22:10 | 00,872,448 | ---- | M] () -- C:\Users\bobc\AppData\Local\filesync.metadata
[2009/09/08 11:21:01 | 00,006,836 | ---- | M] () -- C:\Users\bobc\AppData\Local\d3d9caps.dat
[2009/09/08 10:17:18 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/09/07 19:25:56 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/09/07 19:21:37 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/09/07 19:21:37 | 00,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/09/07 19:21:37 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/09/07 19:20:50 | 02,028,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/09/07 19:20:06 | 00,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/09/07 19:20:06 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/09/07 19:20:06 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/09/07 19:20:06 | 00,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/09/07 19:20:06 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/09/07 19:20:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/09/07 19:18:56 | 00,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/09/07 19:18:12 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/09/07 19:17:30 | 00,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/09/07 19:15:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/09/07 19:15:18 | 00,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/09/07 19:15:18 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/09/07 19:14:36 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/09/07 19:13:48 | 01,871,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/09/07 19:13:48 | 00,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/09/07 19:13:48 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/09/07 19:13:00 | 01,194,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/09/07 19:13:00 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/09/07 19:12:15 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/09/07 19:11:09 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/09/07 19:10:19 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/09/07 19:09:38 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/09/07 19:09:38 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/09/07 19:09:38 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/09/07 19:09:38 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/09/07 19:09:38 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/09/07 19:09:38 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/09/07 19:08:58 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/09/07 19:08:13 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/07 19:08:13 | 00,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/07 19:08:13 | 00,408,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/07 19:08:13 | 00,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/07 19:08:13 | 00,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/07 19:08:13 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/07 19:08:13 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/07 19:08:12 | 00,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/07 19:06:26 | 00,549,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/09/07 19:06:25 | 03,503,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/09/07 19:06:25 | 03,469,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/09/07 19:06:25 | 00,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/09/07 19:06:25 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/09/07 19:06:23 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/09/07 19:06:23 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/09/07 19:06:23 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/09/07 19:06:23 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/09/07 19:05:34 | 00,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/09/07 19:05:33 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/09/07 19:05:33 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/09/07 19:04:49 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/09/07 19:04:49 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/09/07 19:04:49 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/09/07 19:03:43 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/09/07 19:03:43 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/09/07 19:03:42 | 02,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/09/07 19:03:42 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/09/07 19:03:42 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/09/07 19:03:42 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/09/07 19:03:42 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/09/07 19:03:41 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/09/07 19:03:41 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/09/07 19:03:41 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/09/07 19:03:41 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/09/07 19:03:40 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/09/07 19:03:40 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/09/07 19:03:39 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/09/07 19:03:38 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/09/07 19:03:38 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/09/07 19:03:38 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/09/07 19:03:38 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/09/07 19:03:37 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/09/07 19:03:37 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/09/07 19:03:36 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/09/07 19:03:36 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/09/07 19:03:36 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/09/07 19:03:35 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/09/07 19:03:34 | 01,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/09/07 19:03:34 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/09/07 19:03:34 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/09/07 19:03:33 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/09/07 19:03:33 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/09/07 19:03:33 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/09/07 19:03:33 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/09/07 19:02:23 | 00,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/09/07 19:02:23 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/09/07 19:01:31 | 10,621,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/09/07 19:01:31 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/09/07 19:01:30 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/09/07 19:01:30 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/09/07 19:01:30 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/09/07 19:01:28 | 00,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/09/07 19:01:28 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/09/07 19:01:28 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/09/07 19:00:26 | 00,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/07 18:56:19 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/09/07 18:56:19 | 00,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/09/07 18:56:19 | 00,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/09/07 18:56:19 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/09/07 18:56:13 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/09/07 18:56:11 | 00,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/09/07 18:56:11 | 00,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/09/07 18:56:11 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/09/07 18:45:22 | 31,391,744 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/09/07 18:45:22 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/09/07 18:45:21 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/09/07 18:33:36 | 00,096,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/09/07 18:33:36 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/09/07 18:33:34 | 00,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/09/07 18:33:34 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/09/07 18:33:34 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/09/07 18:12:42 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/07 18:12:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/07 18:12:42 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/07 18:11:40 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/09/07 18:11:40 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/09/07 18:10:14 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/09/07 18:09:55 | 00,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/09/07 18:08:46 | 01,341,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/09/07 18:08:45 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/09/07 16:59:38 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/09/07 16:59:38 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/09/07 16:59:38 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/09/07 16:59:38 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/09/07 16:58:14 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/09/07 16:58:14 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/09/07 16:58:14 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/09/07 16:57:28 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/09/07 16:57:28 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== LOP Check ==========

[2009/09/08 14:51:01 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming
[2009/09/08 14:51:01 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\ASUS
[2008/08/30 17:23:31 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\ATI
[2008/09/11 11:48:24 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Autodesk
[2008/09/06 09:35:44 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Bao_Nguyen
[2008/08/31 19:35:32 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\CyberLink
[2008/09/20 14:23:55 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Desktopicon
[2009/09/08 14:21:43 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\DisplayFusion
[2008/09/10 13:57:02 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\EPSON
[2009/09/08 13:39:43 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\FireShot
[2008/09/22 08:50:21 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Lasersoft Imaging
[2008/09/10 10:04:35 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Leadertech
[2008/08/31 16:46:07 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Netscape
[2008/09/04 16:39:35 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Nikon
[2008/09/05 16:32:58 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Nuance
[2008/08/31 16:43:46 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Photodex
[2008/09/06 15:11:39 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\Windows Sidebar Styler
[2009/09/08 17:18:58 | 00,000,000 | ---D | M] -- C:\Users\bobc\AppData\Roaming\WTablet
[2009/09/08 14:33:05 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily).job
[2009/09/08 17:18:38 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/08 17:17:43 | 00,031,754 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/08 17:49:59 | 00,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3F39CCF4-1731-4FD9-A1A1-96135D3EAF28}.job

========== Purity Check ==========


< End of report >


So, I think I'm good!

Cheers,
-bob

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yep, you were lucky; typically it will also infect restore points, but this one did not.

Delete\uninstall anything that we have used.

=====================================
After that you're all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.