Trojan.FakeAV!Gen


#1
rseay267

It appears I was infected by Trojan.FakeAV!Gen - at least that is what my Symantec antivirus said it had deleted. But now I cannot access the internet at all. The wireless icon is showing that it is connected, but Firefox says it cannot connect to the server. My computer runs on Windows XP with SP3. I have already run through your Malware and Spyware cleaning guide.

Thank you for any input you can give me!
Renee Seay

Here are the logs:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/26 00:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: F:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA866D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5C0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: F:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4904000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a3902e8

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a2cb338

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a596208

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a5386c0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a542248

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a4ed270

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "F:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8c4b350

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a5476e8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a542308

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a390268

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a3212b8

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a2f6090

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a2e62e8

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8a2f1420

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x8a320080

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a365318

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a30a758

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a3065c0

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a333978

#: 247 Function Name: NtSetValueKey
Status: Hooked by "F:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8c4b580

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a2f6058

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a5180d0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a2dfa60

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a310448

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a391448

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a593960

==EOF==

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/26/2009 12:23:12 AM
mbam-log-2009-11-26 (00-23-12).txt

Scan type: Quick Scan
Objects scanned: 110511
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 11/26/2009 12:50:30 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = L:\Fix the comp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 12.68 Gb Total Space | 0.43 Gb Free Space | 3.39% Space Free | Partition Type: FAT32
Drive G: | 24.40 Gb Total Space | 20.78 Gb Free Space | 85.14% Space Free | Partition Type: FAT32
Drive H: | 195.77 Gb Total Space | 181.06 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 24.41 Gb Total Space | 9.89 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.50 Gb Free Space | 26.02% Space Free | Partition Type: FAT

Computer Name: SEAY-01
Current User Name: Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/25 23:56:26 | 00,531,456 | ---- | M] (OldTimer Tools) -- L:\Fix the comp\OTL.exe
PRC - [2009/07/27 19:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/01 19:13:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/01 19:13:40 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/09 16:09:30 | 00,068,136 | ---- | M] () -- F:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/10/27 10:27:18 | 00,317,992 | ---- | M] (Gigabyte) -- F:\Program Files\Gigabyte\GBTUpd\RunUpd.exe
PRC - [2008/09/18 09:14:10 | 00,880,640 | ---- | M] (brother) -- F:\Program Files\Brownie\BrStsWnd.exe
PRC - [2008/08/26 01:51:18 | 16,851,456 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\RTHDCPL.EXE
PRC - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 10:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2008/04/14 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 08:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/14 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/03/25 17:21:56 | 00,219,656 | ---- | M] () -- F:\Program Files\Gigabyte\ET6\GUI.exe
PRC - [2008/02/08 11:10:00 | 00,394,856 | R--- | M] (WinZip Computing, S.L.) -- F:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/01/30 04:50:26 | 00,438,272 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/01/11 12:54:44 | 00,090,112 | ---- | M] (brother) -- F:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/12/01 17:38:16 | 00,038,400 | R--- | M] () -- F:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 01,629,480 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 01,057,064 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- F:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/27 15:23:04 | 00,347,432 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/10/26 20:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/10/24 19:33:00 | 00,125,120 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/10/24 19:32:50 | 01,813,184 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/10/24 19:32:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/15 15:04:20 | 00,425,984 | ---- | M] (MSI Technology, Corp.) -- F:\Program Files\MSI\Common\RaUI.exe
PRC - [2005/02/17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wdfmgr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/25 23:56:26 | 00,531,456 | ---- | M] (OldTimer Tools) -- L:\Fix the comp\OTL.exe
MOD - [2008/04/14 12:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 08:00:00 | 00,185,344 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NeroRegInCDSrv)
SRV - [2009/07/01 19:13:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/09 16:09:30 | 00,068,136 | ---- | M] () -- F:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/20 15:18:52 | 00,136,120 | ---- | M] (Google) -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/08/20 21:05:00 | 00,593,920 | ---- | M] () -- F:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- F:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/24 19:32:54 | 00,116,416 | ---- | M] (symantec) -- F:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/10/24 19:32:50 | 01,813,184 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/10/24 19:32:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:40 | 02,528,960 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: F:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/01 19:13:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2009/06/11 15:11:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2009/06/11 15:11:58 | 00,000,000 | ---D | M]

[2009/06/11 15:12:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Mozilla\Extensions
[2009/06/11 15:12:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/11 15:12:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\0y4ptdy0.default\extensions
[2009/07/03 11:20:28 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\0y4ptdy0.default\extensions\[email protected]

O1 HOSTS File: (734 bytes) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] F:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] F:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] F:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [EasyTuneVI] F:\Program Files\Gigabyte\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] F:\Program Files\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [GrooveMonitor] G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISUSPM Startup] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SecurDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] F:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Drive Manager] F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LightScribe Control Panel] F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSI Wireless Utility.lnk = F:\Program Files\MSI\Common\RaUI.exe (MSI Technology, Corp.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: F:\Documents and Settings\Renee\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - F:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell - "" = AutoRun
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/04/12 05:07:40 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - F:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892059130527744)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/26 00:20:07 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Renee\Application Data\Malwarebytes
[2009/11/26 00:20:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/26 00:20:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/11/26 00:20:03 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/25 01:31:50 | 00,000,000 | -HSD | C] -- F:\FOUND.000
[2009/11/16 11:45:11 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Renee\Application Data\QuosaDDM
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/26 00:51:30 | 00,612,736 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/26 00:51:30 | 00,507,192 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/11/26 00:51:30 | 00,093,160 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/11/26 00:47:52 | 00,024,944 | ---- | M] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/11/26 00:47:52 | 00,000,004 | ---- | M] () -- F:\WINDOWS\System32\GVTunner.ref
[2009/11/26 00:47:46 | 00,000,441 | ---- | M] () -- F:\WINDOWS\Brownie.ini
[2009/11/26 00:47:38 | 00,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- F:\WINDOWS\gdrv.sys
[2009/11/26 00:47:02 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/11/26 00:47:00 | 00,044,964 | ---- | M] () -- F:\WINDOWS\System32\ativvaxx.cap
[2009/11/26 00:47:00 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/11/26 00:46:56 | 34,880,75776 | -HS- | M] () -- F:\hiberfil.sys
[2009/11/26 00:41:18 | 03,145,728 | -H-- | M] () -- F:\Documents and Settings\Renee\NTUSER.DAT
[2009/11/26 00:40:56 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Renee\ntuser.ini
[2009/11/26 00:20:08 | 00,000,466 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 00:16:22 | 00,000,402 | ---- | M] () -- F:\Documents and Settings\Renee\Desktop\ERUNT.lnk
[2009/11/25 01:28:22 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:18 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:14 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:08 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:54 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:50 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:46 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:38 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:34 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:30 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:18 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:14 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/11/25 00:11:04 | 00,002,393 | ---- | M] () -- F:\Documents and Settings\Renee\Desktop\Microsoft Office Word 2007.lnk
[2009/11/24 23:48:42 | 00,043,008 | ---- | M] () -- F:\Documents and Settings\Renee\MSD final draft.doc
[2009/11/24 20:17:22 | 00,000,162 | -H-- | M] () -- F:\Documents and Settings\Renee\~$D final draft.doc
[2009/11/24 12:46:12 | 00,002,399 | ---- | M] () -- F:\Documents and Settings\Renee\Desktop\Microsoft Office Outlook 2007.lnk
[2009/11/24 09:26:32 | 00,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/11/23 13:45:20 | 00,000,426 | ---- | M] () -- F:\WINDOWS\BRWMARK.INI
[2009/11/20 10:16:02 | 00,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/26 00:20:07 | 00,000,466 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 00:16:20 | 00,000,402 | ---- | C] () -- F:\Documents and Settings\Renee\Desktop\ERUNT.lnk
[2009/11/25 01:28:20 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:16 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:12 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:06 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:53 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:49 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:45 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:36 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:32 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:28 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:17 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:12 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/11/24 20:17:21 | 00,000,162 | -H-- | C] () -- F:\Documents and Settings\Renee\~$D final draft.doc
[2009/11/23 13:59:01 | 00,043,008 | ---- | C] () -- F:\Documents and Settings\Renee\MSD final draft.doc
[2009/07/11 17:31:50 | 00,000,034 | ---- | C] () -- F:\WINDOWS\NPinfotl.INI
[2009/06/12 01:36:34 | 06,428,108 | -H-- | C] () -- F:\Documents and Settings\Renee\Local Settings\Application Data\IconCache.db
[2009/06/11 14:56:58 | 00,071,000 | ---- | C] () -- F:\Documents and Settings\Renee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/11 14:56:38 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\Renee\Application Data\desktop.ini
[2009/06/10 20:05:47 | 00,000,114 | ---- | C] () -- F:\WINDOWS\System32\brlmw03a.ini
[2009/06/10 20:05:46 | 00,009,853 | ---- | C] () -- F:\WINDOWS\HL-2170W.INI
[2009/06/10 19:24:32 | 00,000,146 | ---- | C] () -- F:\WINDOWS\BRVIDEO.INI
[2009/06/10 19:24:32 | 00,000,000 | ---- | C] () -- F:\WINDOWS\brmx2001.ini
[2009/06/10 19:23:34 | 00,000,426 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2009/06/10 19:22:31 | 00,000,441 | ---- | C] () -- F:\WINDOWS\Brownie.ini
[2009/04/15 17:06:40 | 00,000,069 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2009/04/12 22:52:46 | 00,278,984 | ---- | C] () -- F:\WINDOWS\System32\drivers\atksgt.sys
[2009/04/12 22:52:45 | 00,025,416 | ---- | C] () -- F:\WINDOWS\System32\drivers\lirsgt.sys
[2009/04/12 22:04:40 | 00,003,140 | -HS- | C] () -- F:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/12 22:04:40 | 00,000,008 | RHS- | C] () -- F:\WINDOWS\System32\EBC19265BB.sys
[2009/04/12 22:00:46 | 00,024,944 | ---- | C] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/04/12 21:11:02 | 00,021,791 | ---- | C] () -- F:\WINDOWS\System32\smtpctrs.ini
[2009/04/12 21:11:02 | 00,001,037 | ---- | C] () -- F:\WINDOWS\System32\ntfsdrct.ini
[2009/04/12 21:10:44 | 00,038,576 | ---- | C] () -- F:\WINDOWS\System32\w3ctrs.ini
[2009/04/12 21:10:44 | 00,010,225 | ---- | C] () -- F:\WINDOWS\System32\axperf.ini
[2009/04/12 21:10:42 | 00,011,435 | ---- | C] () -- F:\WINDOWS\System32\infoctrs.ini
[2009/04/12 21:10:41 | 00,001,793 | ---- | C] () -- F:\WINDOWS\System32\fxsperf.ini
[2009/04/12 19:34:24 | 00,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2009/04/12 19:07:55 | 00,290,918 | ---- | C] () -- F:\WINDOWS\System32\Install7x.dll
[2009/04/12 18:11:29 | 00,354,816 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2009/04/12 17:27:49 | 00,000,000 | ---- | C] () -- F:\WINDOWS\control.ini
[2009/04/12 17:24:48 | 00,000,037 | ---- | C] () -- F:\WINDOWS\vbaddin.ini
[2009/04/12 17:24:48 | 00,000,036 | ---- | C] () -- F:\WINDOWS\vb.ini
[2009/04/12 17:24:17 | 00,013,223 | ---- | C] () -- F:\WINDOWS\System32\tslabels.ini
[2009/04/12 17:24:16 | 00,001,931 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.ini
[2009/04/12 05:15:36 | 00,612,736 | ---- | C] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 05:15:36 | 00,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2009/04/12 05:15:09 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/04/14 12:00:00 | 01,288,192 | ---- | C] () -- F:\WINDOWS\System32\quartz.dll
[2008/04/14 12:00:00 | 01,015,477 | ---- | C] () -- F:\WINDOWS\System32\esentprf.ini
[2008/04/14 12:00:00 | 00,733,696 | ---- | C] () -- F:\WINDOWS\System32\qedwipes.dll
[2008/04/14 12:00:00 | 00,562,176 | ---- | C] () -- F:\WINDOWS\System32\qedit.dll
[2008/04/14 12:00:00 | 00,498,742 | ---- | C] () -- F:\WINDOWS\System32\dxmasf.dll
[2008/04/14 12:00:00 | 00,386,048 | ---- | C] () -- F:\WINDOWS\System32\qdvd.dll
[2008/04/14 12:00:00 | 00,355,112 | ---- | C] () -- F:\WINDOWS\System32\msjetoledb40.dll
[2008/04/14 12:00:00 | 00,279,040 | ---- | C] () -- F:\WINDOWS\System32\qdv.dll
[2008/04/14 12:00:00 | 00,270,848 | ---- | C] () -- F:\WINDOWS\System32\sbe.dll
[2008/04/14 12:00:00 | 00,252,928 | ---- | C] () -- F:\WINDOWS\System32\compatUI.dll
[2008/04/14 12:00:00 | 00,199,168 | ---- | C] () -- F:\WINDOWS\System32\ir32_32.dll
[2008/04/14 12:00:00 | 00,192,512 | ---- | C] () -- F:\WINDOWS\System32\qcap.dll
[2008/04/14 12:00:00 | 00,186,880 | ---- | C] () -- F:\WINDOWS\System32\encdec.dll
[2008/04/14 12:00:00 | 00,094,282 | ---- | C] () -- F:\WINDOWS\System32\msencode.dll
[2008/04/14 12:00:00 | 00,070,656 | ---- | C] () -- F:\WINDOWS\System32\amstream.dll
[2008/04/14 12:00:00 | 00,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum.dll
[2008/04/14 12:00:00 | 00,053,478 | ---- | C] () -- F:\WINDOWS\System32\tcpmon.ini
[2008/04/14 12:00:00 | 00,042,809 | ---- | C] () -- F:\WINDOWS\System32\key01.sys
[2008/04/14 12:00:00 | 00,042,537 | ---- | C] () -- F:\WINDOWS\System32\keyboard.sys
[2008/04/14 12:00:00 | 00,035,648 | ---- | C] () -- F:\WINDOWS\System32\ntio411.sys
[2008/04/14 12:00:00 | 00,035,424 | ---- | C] () -- F:\WINDOWS\System32\ntio412.sys
[2008/04/14 12:00:00 | 00,035,328 | ---- | C] () -- F:\WINDOWS\System32\mciqtz32.dll
[2008/04/14 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio804.sys
[2008/04/14 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio404.sys
[2008/04/14 12:00:00 | 00,033,840 | ---- | C] () -- F:\WINDOWS\System32\ntio.sys
[2008/04/14 12:00:00 | 00,029,370 | ---- | C] () -- F:\WINDOWS\System32\ntdos411.sys
[2008/04/14 12:00:00 | 00,029,274 | ---- | C] () -- F:\WINDOWS\System32\ntdos412.sys
[2008/04/14 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos804.sys
[2008/04/14 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos404.sys
[2008/04/14 12:00:00 | 00,027,866 | ---- | C] () -- F:\WINDOWS\System32\ntdos.sys
[2008/04/14 12:00:00 | 00,027,097 | ---- | C] () -- F:\WINDOWS\System32\country.sys
[2008/04/14 12:00:00 | 00,015,360 | ---- | C] () -- F:\WINDOWS\System32\tsd32.dll
[2008/04/14 12:00:00 | 00,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo.dll
[2008/04/14 12:00:00 | 00,013,312 | ---- | C] () -- F:\WINDOWS\System32\win87em.dll
[2008/04/14 12:00:00 | 00,012,082 | ---- | C] () -- F:\WINDOWS\System32\rsvp.ini
[2008/04/14 12:00:00 | 00,010,240 | ---- | C] () -- F:\WINDOWS\System32\scriptpw.dll
[2008/04/14 12:00:00 | 00,010,110 | ---- | C] () -- F:\WINDOWS\System32\mqperf.ini
[2008/04/14 12:00:00 | 00,009,029 | ---- | C] () -- F:\WINDOWS\System32\ansi.sys
[2008/04/14 12:00:00 | 00,006,877 | ---- | C] () -- F:\WINDOWS\System32\pschdprf.ini
[2008/04/14 12:00:00 | 00,004,768 | ---- | C] () -- F:\WINDOWS\System32\himem.sys
[2008/04/14 12:00:00 | 00,004,126 | ---- | C] () -- F:\WINDOWS\System32\msdxmlc.dll
[2008/04/14 12:00:00 | 00,003,458 | ---- | C] () -- F:\WINDOWS\System32\rasctrs.ini
[2008/04/14 12:00:00 | 00,002,891 | ---- | C] () -- F:\WINDOWS\System32\perfci.ini
[2008/04/14 12:00:00 | 00,002,732 | ---- | C] () -- F:\WINDOWS\System32\perfwci.ini
[2008/04/14 12:00:00 | 00,002,656 | ---- | C] () -- F:\WINDOWS\System32\netware.drv
[2008/04/14 12:00:00 | 00,001,405 | ---- | C] () -- F:\WINDOWS\msdfmap.ini
[2008/04/14 12:00:00 | 00,001,152 | ---- | C] () -- F:\WINDOWS\System32\perffilt.ini
[2008/04/14 12:00:00 | 00,000,552 | ---- | C] () -- F:\WINDOWS\win.ini
[2008/04/14 12:00:00 | 00,000,343 | ---- | C] () -- F:\WINDOWS\System32\prodspec.ini
[2008/04/14 12:00:00 | 00,000,231 | ---- | C] () -- F:\WINDOWS\system.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/02/09 15:33:58 | 00,030,808 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2007/02/09 15:33:58 | 00,029,779 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,489 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,040 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- F:\WINDOWS\System32\paqsp.dll

========== LOP Check ==========

[2009/04/12 05:14:52 | 00,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/12 18:01:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nero
[2009/04/12 18:04:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ahead
[2009/04/12 18:15:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ATI
[2009/04/12 19:25:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/12 19:31:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/12 19:35:54 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/12 21:19:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/12 21:25:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Corel
[2009/04/12 21:36:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Roxio
[2009/04/12 21:37:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sonic
[2009/04/12 21:37:18 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/12 22:22:48 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2009/04/15 02:12:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/15 19:35:44 | 00,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\WD
[2009/04/15 22:11:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Memeo
[2009/06/10 18:51:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Brother
[2009/06/11 00:20:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/05 13:49:46 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NOS
[2009/10/27 00:44:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/29 00:44:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/07 16:10:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Apple
[2009/11/07 16:10:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/26 00:20:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 05:14:52 | 00,000,000 | --SD | M] -- F:\Documents and Settings\Renee\Application Data\Microsoft
[2009/06/11 14:56:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Identities
[2009/06/11 14:56:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\ATI
[2009/06/11 15:02:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Help
[2009/06/11 15:03:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Adobe
[2009/06/11 15:03:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\AdobeUM
[2009/06/11 15:04:06 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Macromedia
[2009/06/11 15:04:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/11 15:04:26 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\U3
[2009/06/11 15:12:22 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Mozilla
[2009/06/12 16:21:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\SecondLife
[2009/06/12 16:30:52 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Windows Desktop Search
[2009/06/28 16:35:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Windows Search
[2009/07/01 19:12:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Sun
[2009/07/10 18:37:16 | 00,000,000 | R--D | M] -- F:\Documents and Settings\Renee\Application Data\Brother
[2009/07/11 17:01:20 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Corel
[2009/07/20 16:02:46 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\webex
[2009/09/03 23:54:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\InstallShield
[2009/11/16 11:45:12 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\QuosaDDM
[2009/11/26 00:20:08 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Renee\Application Data\Malwarebytes
[2008/04/14 08:00:00 | 00,000,065 | RH-- | M] () -- F:\WINDOWS\Tasks\desktop.ini
[2009/11/26 00:47:02 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\Tasks\SA.DAT
[2009/11/20 10:16:02 | 00,000,284 | ---- | M] () -- F:\WINDOWS\Tasks\AppleSoftwareUpdate.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

[1 F:\WINDOWS\system32\drivers\*.tmp files -> F:\WINDOWS\system32\drivers\*.tmp -> ]

< MD5 for: ATAPI.SYS >
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll
< End of report >


OTL Extras logfile created on: 11/26/2009 12:50:30 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = L:\Fix the comp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 12.68 Gb Total Space | 0.43 Gb Free Space | 3.39% Space Free | Partition Type: FAT32
Drive G: | 24.40 Gb Total Space | 20.78 Gb Free Space | 85.14% Space Free | Partition Type: FAT32
Drive H: | 195.77 Gb Total Space | 181.06 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 24.41 Gb Total Space | 9.89 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.50 Gb Free Space | 26.02% Space Free | Partition Type: FAT

Computer Name: SEAY-01
Current User Name: Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- G:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"F:\Program Files\Gigabyte\EasySaver\UpdExe.exe" = F:\Program Files\Gigabyte\EasySaver\UpdExe.exe:*:Enabled:Exe File -- (GIGABYTE)
"F:\Program Files\Gigabyte\EasySaver\GBTUpd.exe" = F:\Program Files\Gigabyte\EasySaver\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"F:\Program Files\Gigabyte\GBTUpd\GBTUpd.exe" = F:\Program Files\Gigabyte\GBTUpd\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"F:\Program Files\Gigabyte\GBTUpd\RunUpd.exe" = F:\Program Files\Gigabyte\GBTUpd\RunUpd.exe:*:Enabled:RunUpd -- (Gigabyte)
"H:\Neverwinter\nwn2main.exe" = H:\Neverwinter\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"H:\Neverwinter\nwn2main_amdxp.exe" = H:\Neverwinter\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"H:\Neverwinter\nwupdate.exe" = H:\Neverwinter\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"H:\Neverwinter\nwn2server.exe" = H:\Neverwinter\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"F:\Program Files\SecondLife\SLVoice.exe" = F:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"F:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe" = F:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light -- (Brother Industries, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022C4B5F-4A59-48DD-08A6-6EC5832DBFFE}" = Catalyst Control Center Localization Chinese Standard
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1148CE6F-6956-6ED3-1DBF-0A0046427A3E}" = CCC Help Swedish
"{1350E13C-A031-6574-961B-367DE4721E86}" = Catalyst Control Center Graphics Light
"{14A776EF-3904-3C55-508F-BB093954391E}" = Catalyst Control Center Localization Dutch
"{19762EA5-8279-8FA8-5F16-7DEEF571E5D6}" = CCC Help Russian
"{1A90FD8B-8A64-8B83-D486-E507AEC997EF}" = Catalyst Control Center Graphics Full Existing
"{1D4C0096-98D0-5290-A5F7-AAA05121FA0A}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E73FAB9-7713-D109-24DB-28339CB7A3CC}" = Catalyst Control Center Localization Norwegian
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30517D85-B2C9-5920-77B2-6034DDC90B7C}" = CCC Help Czech
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A6DE92-DE2E-9FBB-C919-B9CA5079116D}" = Catalyst Control Center Localization Turkish
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39C1585C-1004-5091-180A-5AFCA3D505C2}" = Catalyst Control Center Localization Thai
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41269776-CF11-AADD-A1A9-6E1701877F88}" = CCC Help Norwegian
"{455B46A4-17C2-DDDA-F695-7F157E2C6160}" = Catalyst Control Center Localization Danish
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1212.1
"{4E10FFCA-5C09-6E8E-4DA4-B71FFC58C435}" = CCC Help Korean
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{4E568350-98BF-A31B-4E90-B23428023916}" = Catalyst Control Center Localization Spanish
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5827D56B-9A4D-6858-95C9-28B2D46F56EB}" = CCC Help German
"{5954C9DD-80C5-27FB-67FA-1DF0B5E2565A}" = Catalyst Control Center Localization Portuguese
"{5B6844F3-8C27-C589-E519-9AAE0AC87407}" = CCC Help Dutch
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DC1DF0D-8B08-30D9-5F5F-857ADC69201A}" = Catalyst Control Center Graphics Full New
"{5DDBDE45-EB70-DC65-6D06-6D25906E7797}" = CCC Help Japanese
"{5E075172-D826-3CFC-51F4-C9E6CF6D0690}" = CCC Help Spanish
"{618EB4D7-7D67-9126-7D63-CA39F93673DE}" = Catalyst Control Center Graphics Previews Common
"{67F5A666-181F-8AA1-0D4E-BAD64AD43B42}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FB4970-45D2-1EA4-F131-A95EB60FFDDF}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A053172-1F36-0307-4CA0-6AA9317EBCC1}" = CCC Help Turkish
"{6B6F61D0-BBD0-E91F-8639-6EF30206ABD2}" = Catalyst Control Center Localization Japanese
"{71389CB1-6B6D-6FC2-0B74-0357D1ADC41E}" = CCC Help Finnish
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D005A-96E3-3B70-836C-14C80A137862}" = CCC Help French
"{8124C5F0-D59A-DEFE-C3F7-02697D9BE53E}" = CCC Help Thai
"{82357963-7536-629A-F921-A3E72A5E124C}" = Catalyst Control Center Localization Korean
"{8625D3E5-2159-3FA4-3A74-AB306360E63E}" = Catalyst Control Center Localization Russian
"{888FAC3D-87CB-AB4C-EC2C-D17E0C4418E7}" = Catalyst Control Center Localization French
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89FF3A82-A88F-4035-9E95-6E03B7BA9D9B}" = Catalyst Control Center Localization Swedish
"{8E5EDE0A-6B13-A0E2-7F00-5C2660C9F771}" = Catalyst Control Center Localization Hungarian
"{8EE7E7B0-CEA9-E3FD-A63F-B27F49E9EC42}" = CCC Help Portuguese
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9418FEE4-28B4-96FD-C398-42654B956376}" = Skins
"{94AF0F78-E983-BD4B-1A26-80F2FBD5487C}" = Catalyst Control Center Localization Czech
"{9749C770-90C4-EE5A-D3BB-287F53622104}" = Catalyst Control Center Core Implementation
"{9952EC25-5089-44FC-A0EA-628E6035E3F7}" = Brother HL-2170W
"{99FC30C1-60A7-205F-1A00-367506E756F2}" = Catalyst Control Center Localization Greek
"{9F36EDCC-81A8-5D37-9EB1-8BF6D96CAA23}" = Catalyst Control Center Localization Finnish
"{A0100CB5-E6CE-F516-59C1-28CF0195A875}" = ccc-core-preinstall
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A336E48B-A46E-81B5-936E-5A9A8D7FE3D8}" = CCC Help Hungarian
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4CCE9FD-4A40-5669-97B3-262672CD6C38}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B325EFE1-1301-5BC4-8788-B1C7D3702ED1}" = CCC Help Polish
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C8430789-D948-0314-C36B-A7D78AB67013}" = ccc-core-static
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2FFEB2-AC62-8DE2-8806-7C263437F132}" = CCC Help English
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{D0F69BED-0B44-8D65-5834-6A74D8F83805}" = Catalyst Control Center Localization Chinese Traditional
"{DB0BA61A-8295-4211-85F7-184FC2591033}" = Nero 7 Essentials
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.17.0002
"{DD45D741-53D9-80CF-D097-31131DD9C0B0}" = CCC Help Chinese Traditional
"{DE5730BC-81FB-633F-039D-5D8C8F787EDF}" = Catalyst Control Center Localization German
"{E5FEB4A0-1480-F22B-9822-B56BA6172421}" = ccc-utility
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EFF1802C-C1F1-03EC-F3E0-51048DF0009F}" = Catalyst Control Center Localization Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F46606AF-1E39-4E95-9C64-5B156DF7068A}" = Roxio Buzz
"{F9C22FF2-639F-1016-7926-9A1B06CDD516}" = Catalyst Control Center Localization Polish
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FCD71234-2287-41D2-96AD-3D3C66D60FBC}" = MSI Wireless LAN Card
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1212.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Picasa 3" = Picasa 3
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2009 3:24:19 PM | Computer Name = SEAY-01 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 7/11/2009 4:09:33 PM | Computer Name = SEAY-01 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/11/2009 8:24:10 PM | Computer Name = SEAY-01 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2009 4:54:05 PM | Computer Name = SEAY-01 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/22/2009 4:55:11 PM | Computer Name = SEAY-01 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: E:\BONUS Files\Windows
Port Scanner\PORTER.EXE by: Auto-Protect scan. Action: Clean failed : Quarantine
failed. Action Description: The file was left unchanged.

Error - 7/22/2009 4:55:11 PM | Computer Name = SEAY-01 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: E:\BONUS Files\Windows Port
Scanner\PORTER.EXE by: Auto-Protect scan. Action: Clean failed : Quarantine failed
: Access denied. Action Description: The file was left unchanged.

Error - 7/22/2009 4:55:11 PM | Computer Name = SEAY-01 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: e:\bonus files\windows port
scanner\PORTER.EXE by: Auto-Protect scan. Action: Clean failed : Quarantine failed.
Action Description: The file was left unchanged.

Error - 7/22/2009 4:55:12 PM | Computer Name = SEAY-01 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: E:\BONUS Files\Windows
Port Scanner\PORTER.EXE by: Auto-Protect scan. Action: Clean failed : Quarantine
failed : Access denied. Action Description: Risk was partially removed.

Error - 8/6/2009 12:18:38 AM | Computer Name = SEAY-01 | Source = MsiInstaller | ID = 11905
Description = Product: Ask Toolbar -- Error 1905.Module F:\Program Files\Ask.com\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 8/18/2009 11:52:48 PM | Computer Name = SEAY-01 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3498, faulting module
npswf32.dll, version 10.0.32.18, fault address 0x0004f2df.

[ System Events ]
Error - 11/19/2009 8:08:24 PM | Computer Name = SEAY-01 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/22/2009 8:12:26 PM | Computer Name = SEAY-01 | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 11/22/2009 8:12:57 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/22/2009 8:12:57 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/22/2009 8:13:00 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/22/2009 8:13:00 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/22/2009 8:13:00 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/22/2009 8:13:00 PM | Computer Name = SEAY-01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/22/2009 8:18:35 PM | Computer Name = SEAY-01 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 002421432ECA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/22/2009 8:19:13 PM | Computer Name = SEAY-01 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.3
with the system having network hardware address 00:1D:72:BA:42:DF. Network operations
on this system may be disrupted as a result.


< End of report >

#2
emeraldnzl

Hello rseay267,

Welcome to Geekstogo.

Looking at that OTL log I see you only have 3.39% space free on your System Drive.

Under 15% is less than optimum, and once you get down to around the levels your machine is at you are in danger of messing up your Master File Table and rendering your computer unusable. You should consider uninstalling any programs you no longer use and removing old data to a backup disk or some such.

If we run our tools on your machine we are in danger of crashing it to the point where it won't boot up.

Please free up some space on your F drive. After that come back and we will proceed with getting rid of any malware.

#3
rseay267

Thank you for your response! I did as you asked and deleted several of the bigger programs off the F: drive. It is a computer my husband built and that drive is set up as the main one with the Windows operating system on it, so I don't think I can delete much more. The drive is 12GB and I now have 1.01GB free. Do you think that will be enough? If not, I will do some discussion with my husband and see what else can be removed.

Let me know! I look forward to working with you! Oh, one other question: could this trojan mess up my router so that other wireless computers would not be able to access it? I also have a netbook and have never had a problem with accessing the internet through the router (I have a WPA2 key on it), but now I cannot access the router at home, though when I am other places, I can.

Again, thank you for your willingness to work with me!
Renee

#4
emeraldnzl

Hello rseay267,

"could this trojan mess up my router so that other wireless computers would not be able to access it"

Don't think so, but you never know with malware until you're done.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [GEST] File not found
    O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell - "" = AutoRun
    O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log - OTL.txt


#5
rseay267

Ok, I have run the OTL as you have requested. Below are the two logs.

Renee


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5554885e-2984-11de-ac9d-002421432eca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5554885e-2984-11de-ac9d-002421432eca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5554885e-2984-11de-ac9d-002421432eca}\ not found.
File move failed. D:\LaunchU3.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 590524 bytes
->Temporary Internet Files folder emptied: 34194 bytes
->FireFox cache emptied: 3234828 bytes

User: Renee
->Temp folder emptied: 5532442 bytes
->Temporary Internet Files folder emptied: 1110896 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3604114 bytes

User: JW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes


OTL logfile created on: 12/7/2009 9:09:27 AM - Run 2
OTL by OldTimer - Version 3.1.10.1 Folder = L:\Fix the comp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 12.68 Gb Total Space | 1.01 Gb Free Space | 7.98% Space Free | Partition Type: FAT32
Drive G: | 24.40 Gb Total Space | 20.75 Gb Free Space | 85.02% Space Free | Partition Type: FAT32
Drive H: | 195.77 Gb Total Space | 181.06 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 24.41 Gb Total Space | 9.89 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.67 Gb Free Space | 35.09% Space Free | Partition Type: FAT

Computer Name: SEAY-01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/25 23:56:26 | 00,531,456 | ---- | M] (OldTimer Tools) -- L:\Fix the comp\OTL.exe
PRC - [2009/07/27 19:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/01 19:13:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/01 19:13:40 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/09 16:09:30 | 00,068,136 | ---- | M] () -- F:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/10/27 10:27:18 | 00,317,992 | ---- | M] (Gigabyte) -- F:\Program Files\Gigabyte\GBTUpd\RunUpd.exe
PRC - [2008/09/18 09:14:10 | 00,880,640 | ---- | M] (brother) -- F:\Program Files\Brownie\BrStsWnd.exe
PRC - [2008/08/26 01:51:18 | 16,851,456 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\RTHDCPL.EXE
PRC - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 10:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/14 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/03/25 17:21:56 | 00,219,656 | ---- | M] () -- F:\Program Files\Gigabyte\ET6\GUI.exe
PRC - [2008/02/08 11:10:00 | 00,394,856 | R--- | M] (WinZip Computing, S.L.) -- F:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/01/30 04:50:26 | 00,438,272 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/01/11 12:54:44 | 00,090,112 | ---- | M] (brother) -- F:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/08/02 14:20:16 | 01,100,824 | ---- | M] (Memeo Inc.) -- F:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 01,629,480 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 01,057,064 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- F:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/10/24 19:33:00 | 00,125,120 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/10/24 19:32:50 | 01,813,184 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/10/24 19:32:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/15 15:04:20 | 00,425,984 | ---- | M] (MSI Technology, Corp.) -- F:\Program Files\MSI\Common\RaUI.exe
PRC - [2005/02/17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wdfmgr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/25 23:56:26 | 00,531,456 | ---- | M] (OldTimer Tools) -- L:\Fix the comp\OTL.exe
MOD - [2008/04/14 12:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 08:00:00 | 00,185,344 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NeroRegInCDSrv)
SRV - [2009/07/01 19:13:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/09 16:09:30 | 00,068,136 | ---- | M] () -- F:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/20 15:18:52 | 00,136,120 | ---- | M] (Google) -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/08/20 22:05:56 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/08/20 21:05:00 | 00,593,920 | ---- | M] () -- F:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- F:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- F:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/24 19:32:54 | 00,116,416 | ---- | M] (symantec) -- F:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/10/24 19:32:50 | 01,813,184 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/10/24 19:32:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:40 | 02,528,960 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 09:05:04 | 00,024,944 | ---- | M] () -- F:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2009/12/07 09:04:50 | 00,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- F:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/11/12 10:11:40 | 00,027,192 | ---- | M] (Resplendence Software Projects Sp.) -- F:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2009/09/06 23:09:38 | 00,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- F:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2009/08/29 13:09:38 | 00,102,448 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVENG.SYS -- (NAVENG)
DRV - [2009/04/12 23:24:04 | 00,007,168 | ---- | M] () -- F:\Program Files\Gigabyte\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/04/12 22:52:48 | 00,278,984 | ---- | M] () -- F:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/04/12 22:52:46 | 00,025,416 | ---- | M] () -- F:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/12 18:46:38 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- F:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/11/20 15:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/27 05:22:24 | 04,754,432 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 03,684,352 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/21 00:52:40 | 03,299,840 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/07 07:14:56 | 00,111,360 | R--- | M] (Realtek Semiconductor Corporation ) -- F:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/02 15:38:14 | 00,089,600 | R--- | M] (ATI Research Inc.) -- F:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/26 09:42:06 | 00,017,408 | R--- | M] (Realtek Semiconductor Corporation ) -- F:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/05/13 12:58:50 | 00,035,840 | R--- | M] (Windows ® Codename Longhorn DDK provider) -- F:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/04/27 22:09:02 | 00,028,416 | R--- | M] (Realtek Semiconductor Corporation) -- F:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/04/14 12:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- F:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 12:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/06/25 08:47:12 | 00,038,440 | ---- | M] (Nero AG) -- F:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 00,036,776 | ---- | M] (Nero AG) -- F:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 00,119,080 | ---- | M] (Nero AG) -- F:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/16 16:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- F:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/09/18 17:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/19 22:10:50 | 00,363,008 | ---- | M] (Ralink Technology Inc.) -- F:\WINDOWS\system32\drivers\rt61.sys -- (RT61)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - F:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: F:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/01 19:13:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2009/06/11 15:11:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2009/06/11 15:11:58 | 00,000,000 | ---D | M]

[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o4y37vf0.default\extensions

O1 HOSTS File: (98 bytes) - F:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] F:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EasyTuneVI] F:\Program Files\Gigabyte\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] F:\Program Files\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GrooveMonitor] G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISUSPM Startup] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SecurDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] F:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Drive Manager] F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [LightScribe Control Panel] F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSI Wireless Utility.lnk = F:\Program Files\MSI\Common\RaUI.exe (MSI Technology, Corp.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk = F:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - F:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell - "" = AutoRun
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\{b394f864-562e-11de-acb0-002421432eca}\Shell - "" = AutoRun
O33 - MountPoints2\{b394f864-562e-11de-acb0-002421432eca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b394f864-562e-11de-acb0-002421432eca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/06 21:05:29 | 00,000,000 | -HSD | C] -- F:\Config.Msi
[2009/11/26 22:11:18 | 00,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- F:\WINDOWS\System32\drivers\rspSanity32.sys
[2009/11/26 00:20:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/26 00:20:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/11/26 00:20:03 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:37:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xpsp4res.dll
[2009/11/07 16:10:31 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/07 16:10:12 | 00,000,000 | ---D | C] -- F:\Program Files\Common Files\Apple
[2009/11/07 16:10:02 | 00,000,000 | ---D | C] -- F:\Program Files\Apple Software Update
[2009/11/07 16:10:02 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Apple
[2007/08/02 14:20:28 | 00,220,184 | ---- | C] ( ) -- F:\Documents and Settings\Administrator\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2005/12/13 17:12:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\Administrator\Local Settings\Application Data\stdole.dll
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/07 09:08:40 | 00,612,736 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/07 09:08:40 | 00,507,192 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/12/07 09:08:40 | 00,093,160 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/12/07 09:05:46 | 00,002,393 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/12/07 09:05:04 | 00,024,944 | ---- | M] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/12/07 09:05:04 | 00,002,483 | ---- | M] () -- F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
[2009/12/07 09:05:04 | 00,000,004 | ---- | M] () -- F:\WINDOWS\System32\GVTunner.ref
[2009/12/07 09:05:00 | 00,000,481 | ---- | M] () -- F:\WINDOWS\Brownie.ini
[2009/12/07 09:04:50 | 00,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- F:\WINDOWS\gdrv.sys
[2009/12/07 09:04:18 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/12/07 09:04:16 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/12/07 09:04:14 | 00,044,964 | ---- | M] () -- F:\WINDOWS\System32\ativvaxx.cap
[2009/12/07 09:04:12 | 34,880,75776 | -HS- | M] () -- F:\hiberfil.sys
[2009/12/07 09:01:22 | 02,097,152 | -H-- | M] () -- F:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/07 09:01:22 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Administrator\ntuser.ini
[2009/12/06 20:54:32 | 00,001,379 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2009/12/06 20:54:30 | 00,071,000 | ---- | M] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/06 20:53:28 | 00,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/11/27 10:16:02 | 00,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/26 00:20:08 | 00,000,466 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 01:28:22 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:18 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:14 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:08 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:54 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:50 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:46 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:38 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:34 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:30 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:18 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:14 | 00,008,192 | -H-- | M] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/11/23 13:45:20 | 00,000,426 | ---- | M] () -- F:\WINDOWS\BRWMARK.INI
[2009/11/12 10:11:40 | 00,027,192 | ---- | M] (Resplendence Software Projects Sp.) -- F:\WINDOWS\System32\drivers\rspSanity32.sys
[2009/11/07 16:10:44 | 00,001,386 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/07 09:05:27 | 00,002,393 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/11/26 00:20:07 | 00,000,466 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 01:28:20 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:16 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:12 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:06 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:53 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:49 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:45 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:36 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:32 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:28 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:17 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:12 | 00,008,192 | -H-- | C] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/11/07 16:10:43 | 00,001,386 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/07 16:10:04 | 00,000,284 | ---- | C] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/11 17:31:50 | 00,000,034 | ---- | C] () -- F:\WINDOWS\NPinfotl.INI
[2009/06/10 20:05:47 | 00,000,114 | ---- | C] () -- F:\WINDOWS\System32\brlmw03a.ini
[2009/06/10 20:05:46 | 00,009,853 | ---- | C] () -- F:\WINDOWS\HL-2170W.INI
[2009/06/10 19:24:32 | 00,000,146 | ---- | C] () -- F:\WINDOWS\BRVIDEO.INI
[2009/06/10 19:24:32 | 00,000,000 | ---- | C] () -- F:\WINDOWS\brmx2001.ini
[2009/06/10 19:23:34 | 00,000,426 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2009/06/10 19:22:31 | 00,000,481 | ---- | C] () -- F:\WINDOWS\Brownie.ini
[2009/04/15 17:06:40 | 00,000,069 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2009/04/12 22:52:46 | 00,278,984 | ---- | C] () -- F:\WINDOWS\System32\drivers\atksgt.sys
[2009/04/12 22:52:45 | 00,025,416 | ---- | C] () -- F:\WINDOWS\System32\drivers\lirsgt.sys
[2009/04/12 22:04:40 | 00,003,140 | -HS- | C] () -- F:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/12 22:04:40 | 00,000,008 | RHS- | C] () -- F:\WINDOWS\System32\EBC19265BB.sys
[2009/04/12 22:00:46 | 00,024,944 | ---- | C] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/04/12 21:11:02 | 00,021,791 | ---- | C] () -- F:\WINDOWS\System32\smtpctrs.ini
[2009/04/12 21:11:02 | 00,001,037 | ---- | C] () -- F:\WINDOWS\System32\ntfsdrct.ini
[2009/04/12 21:10:44 | 00,038,576 | ---- | C] () -- F:\WINDOWS\System32\w3ctrs.ini
[2009/04/12 21:10:44 | 00,010,225 | ---- | C] () -- F:\WINDOWS\System32\axperf.ini
[2009/04/12 21:10:42 | 00,011,435 | ---- | C] () -- F:\WINDOWS\System32\infoctrs.ini
[2009/04/12 21:10:41 | 00,001,793 | ---- | C] () -- F:\WINDOWS\System32\fxsperf.ini
[2009/04/12 19:34:24 | 00,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2009/04/12 19:07:55 | 00,290,918 | ---- | C] () -- F:\WINDOWS\System32\Install7x.dll
[2009/04/12 18:15:34 | 00,071,000 | ---- | C] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/12 18:14:21 | 05,363,918 | -H-- | C] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/04/12 18:11:29 | 00,354,816 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2009/04/12 17:57:25 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/04/12 17:27:49 | 00,000,000 | ---- | C] () -- F:\WINDOWS\control.ini
[2009/04/12 17:24:48 | 00,000,037 | ---- | C] () -- F:\WINDOWS\vbaddin.ini
[2009/04/12 17:24:48 | 00,000,036 | ---- | C] () -- F:\WINDOWS\vb.ini
[2009/04/12 17:24:17 | 00,013,223 | ---- | C] () -- F:\WINDOWS\System32\tslabels.ini
[2009/04/12 17:24:16 | 00,001,931 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.ini
[2009/04/12 05:15:36 | 00,612,736 | ---- | C] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 05:15:36 | 00,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2009/04/12 05:15:09 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/04/14 12:00:00 | 01,288,192 | ---- | C] () -- F:\WINDOWS\System32\quartz.dll
[2008/04/14 12:00:00 | 01,015,477 | ---- | C] () -- F:\WINDOWS\System32\esentprf.ini
[2008/04/14 12:00:00 | 00,733,696 | ---- | C] () -- F:\WINDOWS\System32\qedwipes.dll
[2008/04/14 12:00:00 | 00,562,176 | ---- | C] () -- F:\WINDOWS\System32\qedit.dll
[2008/04/14 12:00:00 | 00,498,742 | ---- | C] () -- F:\WINDOWS\System32\dxmasf.dll
[2008/04/14 12:00:00 | 00,386,048 | ---- | C] () -- F:\WINDOWS\System32\qdvd.dll
[2008/04/14 12:00:00 | 00,355,112 | ---- | C] () -- F:\WINDOWS\System32\msjetoledb40.dll
[2008/04/14 12:00:00 | 00,279,040 | ---- | C] () -- F:\WINDOWS\System32\qdv.dll
[2008/04/14 12:00:00 | 00,270,848 | ---- | C] () -- F:\WINDOWS\System32\sbe.dll
[2008/04/14 12:00:00 | 00,252,928 | ---- | C] () -- F:\WINDOWS\System32\compatUI.dll
[2008/04/14 12:00:00 | 00,199,168 | ---- | C] () -- F:\WINDOWS\System32\ir32_32.dll
[2008/04/14 12:00:00 | 00,192,512 | ---- | C] () -- F:\WINDOWS\System32\qcap.dll
[2008/04/14 12:00:00 | 00,186,880 | ---- | C] () -- F:\WINDOWS\System32\encdec.dll
[2008/04/14 12:00:00 | 00,094,282 | ---- | C] () -- F:\WINDOWS\System32\msencode.dll
[2008/04/14 12:00:00 | 00,070,656 | ---- | C] () -- F:\WINDOWS\System32\amstream.dll
[2008/04/14 12:00:00 | 00,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum.dll
[2008/04/14 12:00:00 | 00,053,478 | ---- | C] () -- F:\WINDOWS\System32\tcpmon.ini
[2008/04/14 12:00:00 | 00,042,809 | ---- | C] () -- F:\WINDOWS\System32\key01.sys
[2008/04/14 12:00:00 | 00,042,537 | ---- | C] () -- F:\WINDOWS\System32\keyboard.sys
[2008/04/14 12:00:00 | 00,035,648 | ---- | C] () -- F:\WINDOWS\System32\ntio411.sys
[2008/04/14 12:00:00 | 00,035,424 | ---- | C] () -- F:\WINDOWS\System32\ntio412.sys
[2008/04/14 12:00:00 | 00,035,328 | ---- | C] () -- F:\WINDOWS\System32\mciqtz32.dll
[2008/04/14 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio804.sys
[2008/04/14 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio404.sys
[2008/04/14 12:00:00 | 00,033,840 | ---- | C] () -- F:\WINDOWS\System32\ntio.sys
[2008/04/14 12:00:00 | 00,029,370 | ---- | C] () -- F:\WINDOWS\System32\ntdos411.sys
[2008/04/14 12:00:00 | 00,029,274 | ---- | C] () -- F:\WINDOWS\System32\ntdos412.sys
[2008/04/14 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos804.sys
[2008/04/14 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos404.sys
[2008/04/14 12:00:00 | 00,027,866 | ---- | C] () -- F:\WINDOWS\System32\ntdos.sys
[2008/04/14 12:00:00 | 00,027,097 | ---- | C] () -- F:\WINDOWS\System32\country.sys
[2008/04/14 12:00:00 | 00,015,360 | ---- | C] () -- F:\WINDOWS\System32\tsd32.dll
[2008/04/14 12:00:00 | 00,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo.dll
[2008/04/14 12:00:00 | 00,013,312 | ---- | C] () -- F:\WINDOWS\System32\win87em.dll
[2008/04/14 12:00:00 | 00,012,082 | ---- | C] () -- F:\WINDOWS\System32\rsvp.ini
[2008/04/14 12:00:00 | 00,010,240 | ---- | C] () -- F:\WINDOWS\System32\scriptpw.dll
[2008/04/14 12:00:00 | 00,010,110 | ---- | C] () -- F:\WINDOWS\System32\mqperf.ini
[2008/04/14 12:00:00 | 00,009,029 | ---- | C] () -- F:\WINDOWS\System32\ansi.sys
[2008/04/14 12:00:00 | 00,006,877 | ---- | C] () -- F:\WINDOWS\System32\pschdprf.ini
[2008/04/14 12:00:00 | 00,004,768 | ---- | C] () -- F:\WINDOWS\System32\himem.sys
[2008/04/14 12:00:00 | 00,004,126 | ---- | C] () -- F:\WINDOWS\System32\msdxmlc.dll
[2008/04/14 12:00:00 | 00,003,458 | ---- | C] () -- F:\WINDOWS\System32\rasctrs.ini
[2008/04/14 12:00:00 | 00,002,891 | ---- | C] () -- F:\WINDOWS\System32\perfci.ini
[2008/04/14 12:00:00 | 00,002,732 | ---- | C] () -- F:\WINDOWS\System32\perfwci.ini
[2008/04/14 12:00:00 | 00,002,656 | ---- | C] () -- F:\WINDOWS\System32\netware.drv
[2008/04/14 12:00:00 | 00,001,405 | ---- | C] () -- F:\WINDOWS\msdfmap.ini
[2008/04/14 12:00:00 | 00,001,152 | ---- | C] () -- F:\WINDOWS\System32\perffilt.ini
[2008/04/14 12:00:00 | 00,000,552 | ---- | C] () -- F:\WINDOWS\win.ini
[2008/04/14 12:00:00 | 00,000,343 | ---- | C] () -- F:\WINDOWS\System32\prodspec.ini
[2008/04/14 12:00:00 | 00,000,231 | ---- | C] () -- F:\WINDOWS\system.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/02/09 15:33:58 | 00,030,808 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2007/02/09 15:33:58 | 00,029,779 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,489 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,040 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- F:\WINDOWS\System32\paqsp.dll
< End of report >

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello rseay267,

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic, ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
rseay267

Combo-Fix is asking that I connect to the internet. As I mentioned before, I am unable to do this. Do you think this could be remedied if I reload the router software? Or what do you think I should do?

Renee

#8
emeraldnzl

Hello rseay267,

I should have thought of that. ComboFix will try to connect to check for updates and to install the Recovery Console.

Using a different computer, download the Recovery Console file and then follow the instructions to save it next to ComboFix.exe on the infected machine.

After that run ComboFix. If it asks to connect to the Internet just continue.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Posted Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.

    Posted Image
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt for further review.
  • 0

#9
rseay267

rseay267

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the ComboFix log. Should my computer be working now? It still is not accessing the internet, well the wireless network. Actually, let me rephrase that... it accesses our network but it keeps going in and out (connected then not connected). But, I may be jumping the gun... Here is the log:

ComboFix 09-12-06.A3 - Administrator 12/07/2009 22:11.1.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2609 [GMT -5:00]
Running from: f:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
f:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-07 17:28 . 2009-12-07 17:28 -------- d-----w- f:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-07 17:26 . 2009-12-07 17:26 -------- d-----w- F:\FOUND.000
2009-11-27 03:11 . 2009-11-12 15:11 27192 ----a-w- f:\windows\system32\drivers\rspSanity32.sys
2009-11-26 05:20 . 2009-11-26 05:20 -------- d-----w- f:\documents and settings\Renee\Application Data\Malwarebytes
2009-11-26 05:20 . 2009-09-10 19:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 05:20 . 2009-11-26 05:20 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-26 05:20 . 2009-09-10 19:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-11-24 23:37 . 2008-05-03 11:55 2560 ------w- f:\windows\system32\xpsp4res.dll
2009-11-20 15:16 . 2009-11-20 15:16 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-11-16 16:45 . 2009-11-16 16:45 -------- d-----w- f:\documents and settings\Renee\Application Data\QuosaDDM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 03:08 . 2009-04-13 03:00 24944 ----a-w- f:\windows\system32\drivers\GVTDrv.sys
2009-12-08 03:08 . 2009-04-13 01:29 17488 ----a-w- f:\windows\gdrv.sys
2009-12-07 01:54 . 2009-04-12 23:15 71000 ----a-w- f:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple Computer
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\program files\Common Files\Apple
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\program files\Apple Software Update
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple
2009-10-29 05:44 . 2009-10-29 05:44 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
2009-10-27 05:44 . 2009-10-27 05:44 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-27 05:44 . 2009-10-27 05:44 -------- d-----w- f:\program files\McAfee Security Scan
2009-10-27 05:44 . 2009-10-27 05:43 1925024 ----a-w- f:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-11 14:18 . 2008-04-14 17:00 136192 ----a-w- f:\windows\system32\MSV1_0.DLL
2009-07-22 21:56 . 2009-04-13 03:04 3140 --sha-w- f:\windows\system32\KGyGaAvL.sys
2009-04-13 03:04 . 2009-04-13 03:04 8 --sh--r- f:\windows\system32\EBC19265BB.sys
.

------- Sigcheck -------

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . f:\windows\system32\MSWSOCK.DLL
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . f:\windows\system32\dllcache\mswsock.dll

[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . f:\windows\system32\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . f:\windows\system32\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="f:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="f:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="f:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2006-10-25 125120]
"EasyTuneVI"="f:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSPM Startup"="f:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="f:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"WD Drive Manager"="f:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"BrStsWnd"="f:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

f:\documents and settings\Renee\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - g:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

f:\documents and settings\Administrator\Start Menu\Programs\Startup\
WD Anywhere Backup Launcher.lnk - f:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2009-4-15 17542]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
MSI Wireless Utility.lnk - f:\program files\MSI\Common\RaUI.exe [2009-4-12 425984]
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
McAfee Security Scan.lnk - f:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Gigabyte\\EasySaver\\UpdExe.exe"=
"f:\\Program Files\\Gigabyte\\EasySaver\\GBTUpd.exe"=
"f:\\Program Files\\Gigabyte\\GBTUpd\\GBTUpd.exe"=
"f:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=
"h:\\Neverwinter\\nwn2main.exe"=
"h:\\Neverwinter\\nwn2main_amdxp.exe"=
"h:\\Neverwinter\\nwupdate.exe"=
"h:\\Neverwinter\\nwn2server.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

R2 ES lite Service;ES lite Service for program management.;f:\program files\Gigabyte\EasySaver\essvr.exe [4/12/2009 8:32 PM 68136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;f:\windows\system32\drivers\RtNdPt5x.sys [4/12/2009 9:21 PM 35840]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;f:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R3 AODDriver;AODDriver;f:\program files\Gigabyte\ET6\i386\AODDriver.sys [4/12/2009 11:24 PM 7168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/12/2009 8:45 PM 102448]
S0 rseb;rseb; [x]
S2 NeroRegInCDSrv;Nero Registry InCD Service;f:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> f:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 etdrv;etdrv;f:\windows\etdrv.sys [9/6/2009 11:09 PM 17488]
S3 rspSanity;rspSanity;f:\windows\system32\drivers\rspSanity32.sys [11/26/2009 10:11 PM 27192]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;f:\windows\system32\drivers\RTLTEAMING.SYS [4/12/2009 9:22 PM 28416]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;f:\windows\system32\drivers\RTLVLAN.SYS [4/12/2009 9:22 PM 17408]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 7:32 PM 116416]
SUnknown GVTDrv;GVTDrv; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- f:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o4y37vf0.default\
FF - plugin: g:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 22:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
f:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-07 22:16
ComboFix-quarantined-files.txt 2009-12-08 03:16

Pre-Run: 989,478,912 bytes free
Post-Run: 951,361,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - 9A745E1BCEB4276BDF965571554E832F
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello rseay267,

But, I may be jumping the gun... Here is the log:


Yes I'm afraid we have to do some more work yet before your machine is properly fixed.

There are a number of corrupted/patched (infected) system files there.

We can fix one of them that might or might not help us with the Internet Connection.

The others don't have good copies showing up immediately in ComboFix but we will see if we can find some with a further look.

By the way do you have your Windows Installation Disk?

Tell me when you return after the next action.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
f:\windows\system32\dllcache\mswsock.dll | f:\windows\system32\MSWSOCK.DLL

MIA::
f:\windows\system32\ntoskrnl.exe
f:\windows\system32\ntkrnlpa.exe

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0
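
An added example (not part of the original posts, and not ComboFix's own code): the by-eye triage of the Sigcheck section described in the post above, done as a small parser. It uses a subset of the Sigcheck lines from the first ComboFix log in this thread; treating `[-]` as "unverified" and any other marker (such as `[7]`) as a usable copy is an assumption inferred from how the log was used here, and the function and key names are hypothetical.

```python
import ntpath  # Windows path rules, regardless of the OS this runs on
import re
from collections import defaultdict

# Subset of the Sigcheck section from the first ComboFix log in this thread.
SIGCHECK = r"""
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . f:\windows\system32\MSWSOCK.DLL
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . f:\windows\system32\dllcache\mswsock.dll

[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . f:\windows\system32\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . f:\windows\system32\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
"""

# Assumption: "[-]" marks a file that could not be verified.
UNVERIFIED = "-"

# [mark] date . digest . size . . [version] . . path
LINE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def is_live(path):
    """True for the copy that sits directly in ...\\system32."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "system32"


def triage(entries):
    """For each unverified live system file, say whether the log shows a
    usable replacement ('replace') or not ('needs_media')."""
    groups = defaultdict(list)
    for entry in entries:
        groups[ntpath.basename(entry["path"]).lower()].append(entry)

    result = {}
    for name, group in groups.items():
        live = [e for e in group if is_live(e["path"])]
        if not live or live[0]["mark"] != UNVERIFIED:
            continue  # nothing suspicious recorded for this file
        good = [e for e in group
                if e["mark"] != UNVERIFIED and not is_live(e["path"])]
        if good:
            result[name] = {
                "action": "replace",
                "source": good[0]["path"],
                "target": live[0]["path"],
                "digest_differs": good[0]["digest"] != live[0]["digest"],
            }
        else:
            result[name] = {
                "action": "needs_media",
                "target": live[0]["path"],
                "unverified_copies": len(group) - 1,
            }
    return result


if __name__ == "__main__":
    for name, verdict in sorted(triage(parse_sigcheck(SIGCHECK)).items()):
        print(name, verdict)
```

The result matches the split in the CFScript above: mswsock.dll has a usable copy in dllcache, while ntoskrnl.exe and ntkrnlpa.exe have none in the log, which is why the thread next turns to the Windows installation disk.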


#11
rseay267

rseay267

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hello emeraldnzl,

Well, I'm glad to know the computer is not supposed to be perfect yet!! As for Windows, yes, we do have the Installation Disk. My husband also backed up the system after he had everything loaded. I don't know if that will help anything in this process though.


Here is the second ComboFix log completed per your direction:

ComboFix 09-12-06.A3 - Administrator 12/08/2009 0:28.2.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2609 [GMT -5:00]
Running from: f:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

f:\windows\system32\dllcache\mswsock.dll --> f:\windows\system32\MSWSOCK.DLL
.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-07 17:28 . 2009-12-07 17:28 -------- d-----w- f:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-07 17:26 . 2009-12-07 17:26 -------- d-----w- F:\FOUND.000
2009-11-27 03:11 . 2009-11-12 15:11 27192 ----a-w- f:\windows\system32\drivers\rspSanity32.sys
2009-11-26 05:20 . 2009-11-26 05:20 -------- d-----w- f:\documents and settings\Renee\Application Data\Malwarebytes
2009-11-26 05:20 . 2009-09-10 19:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 05:20 . 2009-11-26 05:20 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-26 05:20 . 2009-09-10 19:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-11-24 23:37 . 2008-05-03 11:55 2560 ------w- f:\windows\system32\xpsp4res.dll
2009-11-20 15:16 . 2009-11-20 15:16 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-11-16 16:45 . 2009-11-16 16:45 -------- d-----w- f:\documents and settings\Renee\Application Data\QuosaDDM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 05:34 . 2009-04-13 03:00 24944 ----a-w- f:\windows\system32\drivers\GVTDrv.sys
2009-12-08 05:34 . 2009-04-13 01:29 17488 ----a-w- f:\windows\gdrv.sys
2009-12-07 01:54 . 2009-04-12 23:15 71000 ----a-w- f:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple Computer
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\program files\Common Files\Apple
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\program files\Apple Software Update
2009-11-07 21:10 . 2009-11-07 21:10 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple
2009-10-29 05:44 . 2009-10-29 05:44 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
2009-10-27 05:44 . 2009-10-27 05:44 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-27 05:44 . 2009-10-27 05:44 -------- d-----w- f:\program files\McAfee Security Scan
2009-10-27 05:44 . 2009-10-27 05:43 1925024 ----a-w- f:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-11 14:18 . 2008-04-14 17:00 136192 ----a-w- f:\windows\system32\MSV1_0.DLL
2009-07-22 21:56 . 2009-04-13 03:04 3140 --sha-w- f:\windows\system32\KGyGaAvL.sys
2009-04-13 03:04 . 2009-04-13 03:04 8 --sh--r- f:\windows\system32\EBC19265BB.sys
.

------- Sigcheck -------

[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . f:\windows\system32\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . f:\windows\system32\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . f:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="f:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-17 570664]
"SecurDisc"="f:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="f:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2006-10-25 125120]
"EasyTuneVI"="f:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSPM Startup"="f:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="f:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="f:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"WD Drive Manager"="f:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"BrStsWnd"="f:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

f:\documents and settings\Renee\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - g:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

f:\documents and settings\Administrator\Start Menu\Programs\Startup\
WD Anywhere Backup Launcher.lnk - f:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2009-4-15 17542]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
MSI Wireless Utility.lnk - f:\program files\MSI\Common\RaUI.exe [2009-4-12 425984]
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
McAfee Security Scan.lnk - f:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Gigabyte\\EasySaver\\UpdExe.exe"=
"f:\\Program Files\\Gigabyte\\EasySaver\\GBTUpd.exe"=
"f:\\Program Files\\Gigabyte\\GBTUpd\\GBTUpd.exe"=
"f:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=
"h:\\Neverwinter\\nwn2main.exe"=
"h:\\Neverwinter\\nwn2main_amdxp.exe"=
"h:\\Neverwinter\\nwupdate.exe"=
"h:\\Neverwinter\\nwn2server.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"g:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

R2 ES lite Service;ES lite Service for program management.;f:\program files\Gigabyte\EasySaver\essvr.exe [4/12/2009 8:32 PM 68136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;f:\windows\system32\drivers\RtNdPt5x.sys [4/12/2009 9:21 PM 35840]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;f:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R3 AODDriver;AODDriver;f:\program files\Gigabyte\ET6\i386\AODDriver.sys [4/12/2009 11:24 PM 7168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/12/2009 8:45 PM 102448]
R3 GVTDrv;GVTDrv;f:\windows\system32\drivers\GVTDrv.sys [4/12/2009 10:00 PM 24944]
S0 rseb;rseb; [x]
S2 NeroRegInCDSrv;Nero Registry InCD Service;f:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> f:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 etdrv;etdrv;f:\windows\etdrv.sys [9/6/2009 11:09 PM 17488]
S3 rspSanity;rspSanity;f:\windows\system32\drivers\rspSanity32.sys [11/26/2009 10:11 PM 27192]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;f:\windows\system32\drivers\RTLTEAMING.SYS [4/12/2009 9:22 PM 28416]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;f:\windows\system32\drivers\RTLVLAN.SYS [4/12/2009 9:22 PM 17408]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 7:32 PM 116416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AODDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- f:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o4y37vf0.default\
FF - plugin: g:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 00:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(312)
f:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
f:\program files\Common Files\Ahead\Lib\MFC71U.DLL
f:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
f:\program files\Windows Desktop Search\deskbar.dll
f:\program files\Windows Desktop Search\en-us\dbres.dll.mui
f:\program files\Windows Desktop Search\dbres.dll
f:\program files\Windows Desktop Search\wordwheel.dll
f:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
f:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\Ati2evxx.exe
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
f:\windows\system32\Ati2evxx.exe
f:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\windows\system32\inetsrv\inetinfo.exe
f:\program files\Nero\Nero 7\InCD\InCDsrv.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\LightScribe\LSSrvc.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
f:\windows\system32\PSIService.exe
f:\windows\System32\snmp.exe
f:\program files\Symantec AntiVirus\Rtvscan.exe
f:\windows\system32\wdfmgr.exe
f:\windows\system32\SearchIndexer.exe
f:\windows\system32\wscntfy.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
f:\program files\GIGABYTE\ET6\GUI.exe
f:\program files\Symantec AntiVirus\DoScan.exe
f:\windows\RTHDCPL.EXE
f:\program files\GIGABYTE\GBTUpd\RunUpd.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
f:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
f:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
f:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2009-12-08 00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 05:36
ComboFix2.txt 2009-12-08 03:16

Pre-Run: 956,235,776 bytes free
Post-Run: 915,636,224 bytes free

- - End Of File - - C4C5DF06570EC297A6C3A56ED36B68EE
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello rseay267,

we do have the Installation Disk


Let's see if we can replace those bad files using the disk then.

Next

Use the Recovery Console to replace the missing or damaged files.

To do so, follow these steps:

1. Insert the Windows XP CD-ROM into the CD-ROM or DVD-ROM drive, and then restart the computer. Press any key to boot from CD when prompted.

2. When the "Welcome to Setup" screen appears, press R to start Recovery Console.

3. If your computer is configured for dual booting or multiple booting, select the relevant Windows XP installation. If you only have one operating system, press 1 here.

4. When you are prompted to do so, type the administrator password, and then press ENTER. If you did not set a password, just press ENTER.

5. At the command prompt, type the following command, and then press ENTER:

expand x:\i386\ntoskrnl.ex_ c:\windows\system32 /Y
expand x:\i386\ntkrnlpa.ex_ c:\windows\system32 /Y

In the above example you would replace x: with the letter of your CD-ROM drive.

Type exit, press ENTER, and then restart the computer.

After that run ComboFix again and post the log back here.
  • 0

#13
rseay267

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi emeraldnzl,

I have been having problems with these last instructions. I didn't have the right password for the recovery process and I could not get ahold of my husband. When he got home, he happened to just hit a button, thinking he was helping out. Turns out, he ended up re-installing XP. I'm not sure what will happen now as he did not reformat the drive. Will this destroy the trojans and/or repair the files? I know this will mean basically re-setting up the whole computer.

Any input will be helpful.
Renee
  • 0

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm...he may have inadvertently carried out a Repair Install.

Let's have a look at an OTL scan. Please run it if you still have it and post the scan results back here. If you don't have it, I have posted instructions for downloading it below.

Also when you come back tell me if you have internet connection from that machine now.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0
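Added example, not part of the original thread and not OldTimer's code: a small Python triage pass over an OTL.Txt in the Minimal Output format requested above, flagging the entries a helper usually checks first. The sample lines are copied from the OTL log posted in this thread; the flag names and the list of user-writable path fragments are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the OTL.Txt posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NeroRegInCDSrv) -- File not found
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- F:\WINDOWS\system32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (GVTDrv) -- F:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (RT61) -- F:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
"""

LINE_RE = re.compile(r"^(PRC|MOD|SRV|DRV) - (.*)$")

# Assumption for this example: path fragments treated as user-writable.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\users\\")


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV or DRV
    name: Optional[str]      # service/driver key name (SRV and DRV only)
    path: Optional[str]      # image path, None when OTL printed "File not found"
    company: Optional[str]   # vendor string as printed, "" when OTL printed "()"

    def label(self) -> str:
        if self.name:
            return self.name
        return self.path.rsplit("\\", 1)[-1] if self.path else "?"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    name = None
    if kind in ("SRV", "DRV"):
        # Layout: "(KeyName) [optional display name] -- image"
        head, sep, rest = rest.partition(" -- ")
        if not sep:
            return None
        if head.startswith("(") and ")" in head:
            name = head[1:head.index(")")]
    if rest == "File not found":
        return Entry(kind, name, None, None)
    # The vendor is the last parenthesised group; the path itself may
    # contain "(" (for example "Program Files (x86)"), so search from the right.
    cut = rest.rfind(" (")
    if cut == -1 or not rest.endswith(")"):
        return Entry(kind, name, rest, None)
    return Entry(kind, name, rest[:cut], rest[cut + 2:-1])


def triage(entry: Entry) -> List[str]:
    """Return review flags. These are leads for manual checking, not verdicts:
    the vendor string is self-declared file metadata, so a present vendor
    proves nothing and a missing one is common for small OEM utilities."""
    flags = []
    if entry.path is None:
        flags.append("no-file")              # registered, but no image on disk
    else:
        if not entry.company:
            flags.append("no-vendor")        # empty "()" in the log
        if any(p in entry.path.lower() for p in USER_WRITABLE):
            flags.append("user-writable-path")
    return flags


def review(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a whole log and keep only the entries that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            findings.append((entry, flags))
    return findings


if __name__ == "__main__":
    for entry, flags in review(SAMPLE_LOG):
        print(f"{entry.kind} {entry.label():<20} {', '.join(flags)}")
```

OTL.exe itself is flagged because it runs from the Desktop, which shows why each hit still needs a human decision before anything is removed.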

#15
rseay267

    Member

  • Topic Starter
  • Member
  • 24 posts
It looks like you were right and all he did was a recovery install. Everything that was on the desktop before was still on there. I ran OTL as you instructed, but it did not give me the Extras.txt file. Also, once the recovery install was done, the wireless continued to connect and disconnect.

Here is the new OTL.txt file:

OTL logfile created on: 12/8/2009 7:38:05 PM - Run 4
OTL by OldTimer - Version 3.1.10.1 Folder = F:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
Drive D: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 12.68 Gb Total Space | 1.49 Gb Free Space | 11.76% Space Free | Partition Type: FAT32
Drive G: | 24.40 Gb Total Space | 20.78 Gb Free Space | 85.16% Space Free | Partition Type: FAT32
Drive H: | 195.77 Gb Total Space | 181.10 Gb Free Space | 92.50% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 24.41 Gb Total Space | 13.43 Gb Free Space | 55.02% Space Free | Partition Type: NTFS
Drive L: | 1.91 Gb Total Space | 0.65 Gb Free Space | 34.26% Space Free | Partition Type: FAT

Computer Name: SEAY-01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - F:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - F:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - F:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - F:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - F:\Program Files\Gigabyte\ET6\GUI.exe ()
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - F:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - F:\Program Files\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)
PRC - F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - F:\WINDOWS\system32\PSIService.exe ()
PRC - G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - F:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - F:\Program Files\MSI\Common\RaUI.exe (MSI Technology, Corp.)
PRC - F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - F:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - F:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NeroRegInCDSrv) -- File not found
SRV - (JavaQuickStarterService) -- F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ES lite Service) -- F:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (gusvc) -- F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Ati HotKey Poller) -- F:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- F:\WINDOWS\system32\ati2sgag.exe ()
SRV - (LightScribeService) -- F:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (SNMP) -- F:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (helpsvc) -- F:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WDBtnMgrSvc.exe) -- F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (clr_optimization_v2.0.50727_32) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NBService) -- F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (InCDsrv) -- F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ProtexisLicensing) -- F:\WINDOWS\system32\PSIService.exe ()
SRV - (Microsoft Office Groove Audit Service) -- G:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (SavRoam) -- F:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- F:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UMWdf) -- F:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (GVTDrv) -- F:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- F:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (rspSanity) -- F:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)
DRV - (etdrv) -- F:\WINDOWS\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (EraserUtilRebootDrv) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20091124.017\NAVENG.SYS (Symantec Corporation)
DRV - (AODDriver) -- F:\Program Files\Gigabyte\ET6\i386\AODDriver.sys ()
DRV - (atksgt) -- F:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- F:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- F:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (PxHelp20) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- F:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- F:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- F:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- F:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AtiHdmiService) -- F:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (RTLVLAN) -- F:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation )
DRV - (RtNdPt5x) -- F:\WINDOWS\system32\drivers\RtNdPt5x.sys (Windows ® Codename Longhorn DDK provider)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- F:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- F:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLTEAMING) -- F:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)
DRV - (incdrm) -- F:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- F:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- F:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (AmdPPM) -- F:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (SymEvent) -- F:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- F:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- F:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- F:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- F:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RT61) -- F:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - F:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - F:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: F:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/01 19:13:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2009/06/11 15:11:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2009/06/11 15:11:58 | 00,000,000 | ---D | M]

[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o4y37vf0.default\extensions

O1 HOSTS File: (27 bytes) - F:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - F:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - F:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - F:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] F:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EasyTuneVI] F:\Program Files\Gigabyte\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] F:\Program Files\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GrooveMonitor] G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISUSPM Startup] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SecurDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] F:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Drive Manager] F:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSI Wireless Utility.lnk = F:\Program Files\MSI\Common\RaUI.exe (MSI Technology, Corp.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = F:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - F:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - F:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - F:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - F:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - F:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - F:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - F:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - F:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - F:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - F:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - F:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - F:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - F:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - F:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - F:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - F:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - F:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - F:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - F:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - F:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - F:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - F:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - F:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - F:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - F:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - F:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - F:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - F:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - F:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - F:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - F:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - F:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - F:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - F:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - F:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - F:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - F:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - F:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - F:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - F:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - F:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - F:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/05/07 07:00:00 | 00,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell - "" = AutoRun
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5554885e-2984-11de-ac9d-002421432eca}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/08 19:35:57 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/12/08 19:24:41 | 00,531,456 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/08 19:20:32 | 00,000,000 | ---D | C] -- F:\WINDOWS\LastGood
[2009/12/08 19:07:44 | 00,000,000 | ---D | C] -- F:\WINDOWS\Prefetch
[2009/12/08 19:04:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winzm.ime
[2009/12/08 19:04:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winsp.ime
[2009/12/08 19:04:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winpy.ime
[2009/12/08 19:04:24 | 00,079,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winar30.ime
[2009/12/08 19:04:24 | 00,072,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wingb.ime
[2009/12/08 19:04:24 | 00,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winime.ime
[2009/12/08 19:04:23 | 00,041,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/12/08 19:04:23 | 00,031,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/12/08 19:04:22 | 00,086,073 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\voicesub.dll
[2009/12/08 19:04:22 | 00,048,256 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w32.dll
[2009/12/08 19:04:21 | 00,426,041 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\voicepad.dll
[2009/12/08 19:04:20 | 00,076,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\uniime.dll
[2009/12/08 19:04:20 | 00,065,024 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\unicdime.ime
[2009/12/08 19:04:19 | 00,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsprof.exe
[2009/12/08 19:04:18 | 00,571,392 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/12/08 19:04:18 | 00,455,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/12/08 19:04:18 | 00,044,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/12/08 19:04:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/12/08 19:04:17 | 00,185,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/12/08 19:04:17 | 00,021,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdipx.sys
[2009/12/08 19:04:17 | 00,019,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdspx.sys
[2009/12/08 19:04:17 | 00,013,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdasync.sys
[2009/12/08 19:04:14 | 00,101,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/12/08 19:04:13 | 00,143,422 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\softkey.dll
[2009/12/08 19:04:13 | 00,039,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/12/08 19:04:12 | 00,259,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/12/08 19:04:12 | 00,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smb6w.dll
[2009/12/08 19:04:12 | 00,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sma3w.dll
[2009/12/08 19:04:11 | 00,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/12/08 19:04:11 | 00,030,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm87w.dll
[2009/12/08 19:04:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/12/08 19:04:11 | 00,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm93w.dll
[2009/12/08 19:04:11 | 00,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm92w.dll
[2009/12/08 19:04:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm90w.dll
[2009/12/08 19:04:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/12/08 19:04:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/12/08 19:04:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm89w.dll
[2009/12/08 19:04:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm81w.dll
[2009/12/08 19:04:10 | 00,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm59w.dll
[2009/12/08 19:04:10 | 00,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\simptcp.dll
[2009/12/08 19:04:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rwia330.dll
[2009/12/08 19:04:07 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rwia001.dll
[2009/12/08 19:04:07 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/12/08 19:04:07 | 00,027,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/12/08 19:04:06 | 00,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\romanime.ime
[2009/12/08 19:04:05 | 00,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\register.exe
[2009/12/08 19:04:04 | 00,020,736 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/12/08 19:04:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\quser.exe
[2009/12/08 19:04:03 | 00,077,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\quick.ime
[2009/12/08 19:04:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\query.exe
[2009/12/08 19:04:01 | 00,131,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/12/08 19:04:01 | 00,070,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/12/08 19:04:01 | 00,067,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/12/08 19:04:01 | 00,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/12/08 19:04:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/12/08 19:04:00 | 00,482,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/12/08 19:04:00 | 00,079,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\phon.ime
[2009/12/08 19:04:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/12/08 19:03:59 | 00,036,927 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs411.dll
[2009/12/08 19:03:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs404.dll
[2009/12/08 19:03:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs804.dll
[2009/12/08 19:03:59 | 00,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs412.dll
[2009/12/08 19:03:54 | 00,229,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\multibox.dll
[2009/12/08 19:03:54 | 00,119,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/12/08 19:03:50 | 01,875,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/12/08 19:03:50 | 00,098,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/12/08 19:03:45 | 00,092,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mga.sys
[2009/12/08 19:03:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\migregdb.exe
[2009/12/08 19:03:44 | 00,092,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mga.dll
[2009/12/08 19:03:43 | 00,022,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/12/08 19:03:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lprmon.dll
[2009/12/08 19:03:40 | 00,070,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/12/08 19:03:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/12/08 19:03:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/12/08 19:03:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/12/08 19:03:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/12/08 19:03:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/12/08 19:03:38 | 00,009,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/12/08 19:03:38 | 00,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/12/08 19:03:38 | 00,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/12/08 19:03:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/12/08 19:03:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/12/08 19:03:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/12/08 19:03:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/12/08 19:03:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/12/08 19:03:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/12/08 19:03:37 | 00,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/12/08 19:03:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/12/08 19:03:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/12/08 19:03:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/12/08 19:03:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/12/08 19:03:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/12/08 19:03:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/12/08 19:03:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/12/08 19:03:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/12/08 19:03:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/12/08 19:03:35 | 00,018,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\jupiw.dll
[2009/12/08 19:03:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/12/08 19:03:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/12/08 19:03:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd101.dll
[2009/12/08 19:03:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda3.dll
[2009/12/08 19:03:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda2.dll
[2009/12/08 19:03:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda1.dll
[2009/12/08 19:03:35 | 00,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/12/08 19:03:34 | 00,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iprip.dll
[2009/12/08 19:03:33 | 00,471,102 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imskdic.dll
[2009/12/08 19:03:33 | 00,315,455 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imskf.dll
[2009/12/08 19:03:32 | 00,274,489 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/12/08 19:03:32 | 00,262,200 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjputy.exe
[2009/12/08 19:03:32 | 00,102,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imlang.dll
[2009/12/08 19:03:32 | 00,059,904 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/12/08 19:03:32 | 00,045,109 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/12/08 19:03:31 | 00,233,527 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjprw.exe
[2009/12/08 19:03:31 | 00,208,952 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/12/08 19:03:31 | 00,155,705 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/12/08 19:03:30 | 00,716,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/12/08 19:03:30 | 00,368,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/12/08 19:03:30 | 00,307,257 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/12/08 19:03:30 | 00,081,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/12/08 19:03:30 | 00,057,398 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/12/08 19:03:29 | 00,811,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/12/08 19:03:29 | 00,340,023 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjp81.ime
[2009/12/08 19:03:29 | 00,311,359 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/12/08 19:03:29 | 00,102,463 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/12/08 19:03:29 | 00,044,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/12/08 19:03:28 | 00,106,496 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/12/08 19:03:28 | 00,094,720 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekr61.ime
[2009/12/08 19:03:28 | 00,086,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/12/08 19:03:23 | 10,129,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/12/08 19:03:13 | 10,096,640 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/12/08 19:03:12 | 00,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/12/08 19:03:10 | 00,125,952 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/12/08 19:03:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/12/08 19:03:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/12/08 19:03:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/12/08 19:03:09 | 00,024,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/12/08 19:03:09 | 00,020,541 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/12/08 19:03:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\flattemp.exe
[2009/12/08 19:03:08 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/12/08 19:03:08 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esunid.dll
[2009/12/08 19:03:08 | 00,025,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\et4000.sys
[2009/12/08 19:03:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/12/08 19:03:07 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esucmd.dll
[2009/12/08 19:03:02 | 00,078,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dayi.ime
[2009/12/08 19:03:01 | 00,057,399 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cplexe.exe
[2009/12/08 19:03:01 | 00,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cprofile.exe
[2009/12/08 19:03:00 | 00,480,256 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/12/08 19:02:59 | 00,198,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintime.dll
[2009/12/08 19:02:59 | 00,097,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/12/08 19:02:59 | 00,056,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/12/08 19:02:59 | 00,021,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/12/08 19:02:58 | 01,677,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/12/08 19:02:58 | 00,838,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/12/08 19:02:57 | 00,078,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chajei.ime
[2009/12/08 19:02:57 | 00,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chgport.exe
[2009/12/08 19:02:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chgusr.exe
[2009/12/08 19:02:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chglogon.exe
[2009/12/08 19:02:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\change.exe
[2009/12/08 19:02:56 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- F:\WINDOWS\System32\dllcache\cap7146.sys
[2009/12/08 19:02:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/12/08 19:02:55 | 00,010,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/12/08 19:02:55 | 00,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0804.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0412.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0411.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt040d.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0404.dll
[2009/12/08 19:02:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0401.dll
[2009/12/08 19:02:42 | 00,032,827 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tcptest.exe
[2009/12/08 19:02:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/12/08 19:02:41 | 00,020,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shtml.dll
[2009/12/08 19:02:41 | 00,016,437 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shtml.exe
[2009/12/08 19:02:38 | 00,598,071 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/12/08 19:02:38 | 00,208,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/12/08 19:02:38 | 00,188,494 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpcount.exe
[2009/12/08 19:02:38 | 00,020,541 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/12/08 19:02:38 | 00,020,538 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/12/08 19:02:37 | 00,876,653 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/12/08 19:02:37 | 00,109,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/12/08 19:02:37 | 00,102,509 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/12/08 19:02:37 | 00,049,212 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/12/08 19:02:37 | 00,049,210 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/12/08 19:02:37 | 00,041,020 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/12/08 19:02:37 | 00,032,826 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/12/08 19:02:37 | 00,014,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/12/08 19:02:36 | 00,184,435 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/12/08 19:02:36 | 00,147,513 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/12/08 19:02:36 | 00,082,035 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/12/08 19:02:35 | 00,188,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/12/08 19:02:35 | 00,020,540 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\author.dll
[2009/12/08 19:02:35 | 00,016,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\author.exe
[2009/12/08 19:02:35 | 00,016,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admin.exe
[2009/12/08 19:02:33 | 00,020,540 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admin.dll
[2009/12/08 19:01:01 | 00,000,000 | ---D | C] -- F:\Program Files\Online Services
[2009/12/08 18:59:35 | 00,000,000 | ---D | C] -- F:\Program Files\ComPlus Applications
[2009/12/08 18:59:26 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\Cache
[2009/12/08 18:58:57 | 00,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/08 17:15:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\irclass.dll
[2009/12/08 17:15:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\irclass.dll
[2009/12/08 17:15:57 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- F:\WINDOWS\System32\spxcoins.dll
[2009/12/08 17:15:57 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- F:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/12/08 17:06:07 | 00,000,000 | ---D | C] -- F:\WINDOWS\Connection Wizard
[2009/12/08 09:10:57 | 00,000,000 | -HSD | C] -- F:\Recycled
[2009/12/08 00:31:02 | 00,000,000 | ---D | C] -- F:\WINDOWS\temp
[2009/12/08 00:27:54 | 00,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2009/12/08 00:27:54 | 00,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2009/12/08 00:27:54 | 00,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2009/12/08 00:27:54 | 00,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2009/12/08 00:27:49 | 00,000,000 | ---D | C] -- F:\ComboFix
[2009/12/07 22:10:46 | 00,000,000 | RHSD | C] -- F:\cmdcons
[2009/12/07 12:28:31 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/07 12:26:14 | 00,000,000 | ---D | C] -- F:\FOUND.000
[2009/12/07 12:22:11 | 00,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2009/12/07 12:21:50 | 00,000,000 | ---D | C] -- F:\Qoobox
[2009/12/06 21:05:29 | 00,000,000 | ---D | C] -- F:\Config.Msi
[2009/11/26 22:11:18 | 00,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- F:\WINDOWS\System32\drivers\rspSanity32.sys
[2009/11/26 00:20:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/26 00:20:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/11/26 00:20:03 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/24 18:37:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xpsp4res.dll
[2007/08/02 14:20:28 | 00,220,184 | ---- | C] ( ) -- F:\Documents and Settings\Administrator\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2005/12/13 17:12:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\Administrator\Local Settings\Application Data\stdole.dll
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/08 19:27:46 | 00,612,736 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 19:27:46 | 00,507,192 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/12/08 19:27:46 | 00,093,160 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/12/08 19:21:50 | 00,001,379 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2009/12/08 19:20:08 | 00,024,944 | ---- | M] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/12/08 19:20:08 | 00,000,004 | ---- | M] () -- F:\WINDOWS\System32\GVTunner.ref
[2009/12/08 19:19:54 | 00,000,500 | ---- | M] () -- F:\WINDOWS\Brownie.ini
[2009/12/08 19:19:52 | 00,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- F:\WINDOWS\gdrv.sys
[2009/12/08 19:19:34 | 00,021,760 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/12/08 19:19:34 | 00,021,760 | ---- | M] () -- F:\WINDOWS\System32\wpa.bak
[2009/12/08 19:18:46 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/12/08 19:18:40 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/12/08 19:18:38 | 00,044,964 | ---- | M] () -- F:\WINDOWS\System32\ativvaxx.cap
[2009/12/08 19:18:34 | 34,880,75776 | -HS- | M] () -- F:\hiberfil.sys
[2009/12/08 19:13:18 | 02,097,152 | -H-- | M] () -- F:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/08 19:13:18 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Administrator\ntuser.ini
[2009/12/08 19:07:30 | 00,274,168 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/08 19:05:34 | 00,000,288 | ---- | M] () -- F:\WINDOWS\System32\$winnt$.inf
[2009/12/08 19:02:04 | 00,316,640 | ---- | M] () -- F:\WINDOWS\WMSysPr9.prx
[2009/12/08 19:02:02 | 00,023,392 | ---- | M] () -- F:\WINDOWS\System32\nscompat.tlb
[2009/12/08 19:02:02 | 00,016,832 | ---- | M] () -- F:\WINDOWS\System32\amcompat.tlb
[2009/12/08 19:01:54 | 00,004,161 | ---- | M] () -- F:\WINDOWS\ODBCINST.INI
[2009/12/08 19:01:14 | 00,000,488 | RH-- | M] () -- F:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/08 19:01:14 | 00,000,488 | RH-- | M] () -- F:\WINDOWS\System32\logonui.exe.manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\WindowsShell.Manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/08 19:01:10 | 00,000,749 | RH-- | M] () -- F:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/08 19:01:02 | 00,000,552 | ---- | M] () -- F:\WINDOWS\win.ini
[2009/12/08 18:59:48 | 00,025,472 | ---- | M] () -- F:\WINDOWS\System32\emptyregdb.dat
[2009/12/08 18:59:22 | 00,000,535 | ---- | M] () -- F:\WINDOWS\System32\mapisvc.inf
[2009/12/08 18:57:18 | 00,004,444 | ---- | M] () -- F:\WINDOWS\System32\pid.PNF
[2009/12/08 17:16:02 | 00,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2009/12/08 17:13:36 | 00,000,512 | -HS- | M] () -- F:\bootsect.dos
[2009/12/08 17:13:36 | 00,000,332 | -HS- | M] () -- F:\boot.ini
[2009/12/07 13:09:10 | 03,583,346 | R--- | M] () -- F:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/12/07 09:21:46 | 00,002,393 | ---- | M] () -- F:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/12/06 20:54:30 | 00,071,000 | ---- | M] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/30 09:39:40 | 00,037,892 | ---- | M] () -- F:\WINDOWS\setupapi.old
[2009/11/27 10:16:02 | 00,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/26 00:20:08 | 00,000,466 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 23:56:26 | 00,531,456 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/25 01:28:22 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:18 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:14 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:08 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:54 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:50 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:46 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:38 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:34 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:30 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:18 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:14 | 00,008,192 | ---- | M] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/11/23 13:45:20 | 00,000,426 | ---- | M] () -- F:\WINDOWS\BRWMARK.INI
[2009/11/14 01:47:58 | 00,260,608 | ---- | M] () -- F:\WINDOWS\PEV.exe
[2009/11/12 10:11:40 | 00,027,192 | ---- | M] (Resplendence Software Projects Sp.) -- F:\WINDOWS\System32\drivers\rspSanity32.sys
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\drivers\*.tmp files -> F:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/08 19:04:30 | 00,028,288 | ---- | C] () -- F:\WINDOWS\System32\dllcache\xjis.nls
[2009/12/08 19:04:02 | 00,083,748 | ---- | C] () -- F:\WINDOWS\System32\dllcache\prcp.nls
[2009/12/08 19:04:02 | 00,083,748 | ---- | C] () -- F:\WINDOWS\System32\dllcache\prc.nls
[2009/12/08 19:04:00 | 00,175,104 | ---- | C] () -- F:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/12/08 19:03:40 | 01,158,818 | ---- | C] () -- F:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/12/08 19:03:40 | 00,047,066 | ---- | C] () -- F:\WINDOWS\System32\dllcache\ksc.nls
[2009/12/08 19:03:33 | 00,059,392 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imscinst.exe
[2009/12/08 19:03:31 | 00,196,665 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/12/08 19:03:28 | 00,134,339 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imekr.lex
[2009/12/08 19:03:17 | 13,463,552 | ---- | C] () -- F:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/12/08 19:03:12 | 00,108,827 | ---- | C] () -- F:\WINDOWS\System32\dllcache\hanja.lex
[2009/12/08 19:03:10 | 00,094,208 | ---- | C] () -- F:\WINDOWS\System32\dllcache\fpencode.dll
[2009/12/08 19:02:59 | 00,173,568 | ---- | C] () -- F:\WINDOWS\System32\dllcache\chtskf.dll
[2009/12/08 19:02:55 | 00,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_864.nls
[2009/12/08 19:02:55 | 00,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_862.nls
[2009/12/08 19:02:55 | 00,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_858.nls
[2009/12/08 19:02:55 | 00,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_720.nls
[2009/12/08 19:02:55 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_870.nls
[2009/12/08 19:02:54 | 00,180,770 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20932.nls
[2009/12/08 19:02:54 | 00,177,698 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20949.nls
[2009/12/08 19:02:54 | 00,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20936.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_708.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28596.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_21027.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_21025.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20924.nls
[2009/12/08 19:02:54 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20880.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20871.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20838.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20833.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20424.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20423.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20420.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20297.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20290.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20285.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20284.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20280.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20278.nls
[2009/12/08 19:02:53 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20277.nls
[2009/12/08 19:02:52 | 00,187,938 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20005.nls
[2009/12/08 19:02:52 | 00,185,378 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20003.nls
[2009/12/08 19:02:52 | 00,180,258 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20004.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20273.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20269.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20108.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20107.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20106.nls
[2009/12/08 19:02:52 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20105.nls
[2009/12/08 19:02:51 | 00,189,986 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1361.nls
[2009/12/08 19:02:51 | 00,186,402 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20001.nls
[2009/12/08 19:02:51 | 00,180,258 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20000.nls
[2009/12/08 19:02:51 | 00,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20002.nls
[2009/12/08 19:02:51 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1149.nls
[2009/12/08 19:02:51 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1148.nls
[2009/12/08 19:02:51 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1147.nls
[2009/12/08 19:02:51 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1146.nls
[2009/12/08 19:02:50 | 00,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10008.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1145.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1144.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1143.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1142.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1141.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1140.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1047.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10021.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10005.nls
[2009/12/08 19:02:50 | 00,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10004.nls
[2009/12/08 19:02:49 | 00,195,618 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10002.nls
[2009/12/08 19:02:49 | 00,177,698 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10003.nls
[2009/12/08 19:02:49 | 00,162,850 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10001.nls
[2009/12/08 19:02:49 | 00,082,172 | ---- | C] () -- F:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/12/08 19:02:48 | 00,066,728 | ---- | C] () -- F:\WINDOWS\System32\dllcache\big5.nls
[2009/12/08 19:01:12 | 00,000,488 | RH-- | C] () -- F:\WINDOWS\System32\logonui.exe.manifest
[2009/12/08 19:01:08 | 00,000,749 | RH-- | C] () -- F:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/08 19:01:08 | 00,000,749 | RH-- | C] () -- F:\WINDOWS\WindowsShell.Manifest
[2009/12/08 19:01:08 | 00,000,749 | RH-- | C] () -- F:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/08 19:01:08 | 00,000,749 | RH-- | C] () -- F:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/08 19:01:08 | 00,000,749 | RH-- | C] () -- F:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/08 17:15:40 | 00,144,484 | ---- | C] () -- F:\WINDOWS\System32\dllcache\netfx.cat
[2009/12/08 17:15:40 | 00,026,991 | ---- | C] () -- F:\WINDOWS\System32\dllcache\msn7.cat
[2009/12/08 17:15:40 | 00,014,433 | ---- | C] () -- F:\WINDOWS\System32\dllcache\msn9.cat
[2009/12/08 17:15:39 | 02,144,487 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5.CAT
[2009/12/08 17:15:39 | 01,296,669 | ---- | C] () -- F:\WINDOWS\System32\dllcache\SP3.CAT
[2009/12/08 17:15:39 | 01,088,840 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/12/08 17:15:39 | 00,797,189 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/12/08 17:15:39 | 00,522,220 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/12/08 17:15:39 | 00,399,645 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/12/08 17:15:39 | 00,112,918 | ---- | C] () -- F:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/12/08 17:15:39 | 00,037,484 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MW770.CAT
[2009/12/08 17:15:39 | 00,034,747 | ---- | C] () -- F:\WINDOWS\System32\dllcache\mediactr.cat
[2009/12/08 17:15:39 | 00,034,063 | ---- | C] () -- F:\WINDOWS\System32\dllcache\FP4.CAT
[2009/12/08 17:15:39 | 00,016,535 | ---- | C] () -- F:\WINDOWS\System32\dllcache\IMS.CAT
[2009/12/08 17:15:39 | 00,013,472 | ---- | C] () -- F:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/12/08 17:15:39 | 00,012,363 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/12/08 17:15:39 | 00,010,027 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/12/08 17:15:39 | 00,008,574 | ---- | C] () -- F:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/12/08 17:15:39 | 00,007,382 | ---- | C] () -- F:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/12/08 17:15:39 | 00,007,334 | ---- | C] () -- F:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/12/08 17:13:34 | 00,000,512 | -HS- | C] () -- F:\bootsect.dos
[2009/12/08 00:34:42 | 00,000,004 | ---- | C] () -- F:\WINDOWS\System32\GVTunner.ref
[2009/12/08 00:27:54 | 00,260,608 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2009/12/08 00:27:54 | 00,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2009/12/08 00:27:54 | 00,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2009/12/08 00:27:54 | 00,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2009/12/08 00:27:54 | 00,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2009/12/07 22:10:48 | 00,260,272 | ---- | C] () -- F:\cmldr
[2009/12/07 12:23:06 | 03,583,346 | R--- | C] () -- F:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/12/07 09:05:27 | 00,002,393 | ---- | C] () -- F:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/11/26 00:20:07 | 00,000,466 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 01:28:20 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB973540_WM9$
[2009/11/25 01:28:16 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB951066$
[2009/11/25 01:28:12 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB954459$
[2009/11/25 01:28:06 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB951748$
[2009/11/25 01:27:53 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB971486$
[2009/11/25 01:27:49 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB960803$
[2009/11/25 01:27:45 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB973815$
[2009/11/25 01:27:36 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB958644$
[2009/11/25 01:27:32 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB955069$
[2009/11/25 01:27:28 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB956802$
[2009/11/25 01:27:17 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB923561$
[2009/11/25 01:27:12 | 00,008,192 | ---- | C] () -- F:\WINDOWS\$NtUninstallKB971961$
[2009/07/11 17:31:50 | 00,000,034 | ---- | C] () -- F:\WINDOWS\NPinfotl.INI
[2009/06/10 20:05:47 | 00,000,114 | ---- | C] () -- F:\WINDOWS\System32\brlmw03a.ini
[2009/06/10 20:05:46 | 00,009,853 | ---- | C] () -- F:\WINDOWS\HL-2170W.INI
[2009/06/10 19:24:32 | 00,000,146 | ---- | C] () -- F:\WINDOWS\BRVIDEO.INI
[2009/06/10 19:24:32 | 00,000,000 | ---- | C] () -- F:\WINDOWS\brmx2001.ini
[2009/06/10 19:23:34 | 00,000,426 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2009/06/10 19:22:31 | 00,000,500 | ---- | C] () -- F:\WINDOWS\Brownie.ini
[2009/04/15 17:06:40 | 00,000,069 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2009/04/12 22:52:46 | 00,278,984 | ---- | C] () -- F:\WINDOWS\System32\drivers\atksgt.sys
[2009/04/12 22:52:45 | 00,025,416 | ---- | C] () -- F:\WINDOWS\System32\drivers\lirsgt.sys
[2009/04/12 22:04:40 | 00,003,140 | -HS- | C] () -- F:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/12 22:04:40 | 00,000,008 | RHS- | C] () -- F:\WINDOWS\System32\EBC19265BB.sys
[2009/04/12 22:00:46 | 00,024,944 | ---- | C] () -- F:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/04/12 21:11:02 | 00,021,791 | ---- | C] () -- F:\WINDOWS\System32\smtpctrs.ini
[2009/04/12 21:11:02 | 00,001,037 | ---- | C] () -- F:\WINDOWS\System32\ntfsdrct.ini
[2009/04/12 21:10:44 | 00,038,576 | ---- | C] () -- F:\WINDOWS\System32\w3ctrs.ini
[2009/04/12 21:10:44 | 00,010,225 | ---- | C] () -- F:\WINDOWS\System32\axperf.ini
[2009/04/12 21:10:42 | 00,011,435 | ---- | C] () -- F:\WINDOWS\System32\infoctrs.ini
[2009/04/12 21:10:41 | 00,001,793 | ---- | C] () -- F:\WINDOWS\System32\fxsperf.ini
[2009/04/12 19:34:24 | 00,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2009/04/12 19:07:55 | 00,290,918 | ---- | C] () -- F:\WINDOWS\System32\Install7x.dll
[2009/04/12 18:15:34 | 00,071,000 | ---- | C] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/12 18:14:21 | 05,363,918 | -H-- | C] () -- F:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/04/12 17:57:25 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/04/12 17:27:49 | 00,000,000 | ---- | C] () -- F:\WINDOWS\control.ini
[2009/04/12 17:24:48 | 00,000,037 | ---- | C] () -- F:\WINDOWS\vbaddin.ini
[2009/04/12 17:24:48 | 00,000,036 | ---- | C] () -- F:\WINDOWS\vb.ini
[2009/04/12 17:24:17 | 00,013,223 | ---- | C] () -- F:\WINDOWS\System32\tslabels.ini
[2009/04/12 17:24:16 | 00,001,931 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.ini
[2009/04/12 05:15:36 | 00,612,736 | ---- | C] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 05:15:36 | 00,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2009/04/12 05:15:09 | 00,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/07 12:00:00 | 01,288,192 | ---- | C] () -- F:\WINDOWS\System32\quartz.dll
[2008/05/07 12:00:00 | 01,015,477 | ---- | C] () -- F:\WINDOWS\System32\esentprf.ini
[2008/05/07 12:00:00 | 00,733,696 | ---- | C] () -- F:\WINDOWS\System32\qedwipes.dll
[2008/05/07 12:00:00 | 00,562,176 | ---- | C] () -- F:\WINDOWS\System32\qedit.dll
[2008/05/07 12:00:00 | 00,498,742 | ---- | C] () -- F:\WINDOWS\System32\dxmasf.dll
[2008/05/07 12:00:00 | 00,386,048 | ---- | C] () -- F:\WINDOWS\System32\qdvd.dll
[2008/05/07 12:00:00 | 00,355,112 | ---- | C] () -- F:\WINDOWS\System32\msjetoledb40.dll
[2008/05/07 12:00:00 | 00,279,040 | ---- | C] () -- F:\WINDOWS\System32\qdv.dll
[2008/05/07 12:00:00 | 00,270,848 | ---- | C] () -- F:\WINDOWS\System32\sbe.dll
[2008/05/07 12:00:00 | 00,252,928 | ---- | C] () -- F:\WINDOWS\System32\compatUI.dll
[2008/05/07 12:00:00 | 00,199,168 | ---- | C] () -- F:\WINDOWS\System32\ir32_32.dll
[2008/05/07 12:00:00 | 00,192,512 | ---- | C] () -- F:\WINDOWS\System32\qcap.dll
[2008/05/07 12:00:00 | 00,186,880 | ---- | C] () -- F:\WINDOWS\System32\encdec.dll
[2008/05/07 12:00:00 | 00,094,282 | ---- | C] () -- F:\WINDOWS\System32\msencode.dll
[2008/05/07 12:00:00 | 00,070,656 | ---- | C] () -- F:\WINDOWS\System32\amstream.dll
[2008/05/07 12:00:00 | 00,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum.dll
[2008/05/07 12:00:00 | 00,053,478 | ---- | C] () -- F:\WINDOWS\System32\tcpmon.ini
[2008/05/07 12:00:00 | 00,042,809 | ---- | C] () -- F:\WINDOWS\System32\key01.sys
[2008/05/07 12:00:00 | 00,042,537 | ---- | C] () -- F:\WINDOWS\System32\keyboard.sys
[2008/05/07 12:00:00 | 00,035,648 | ---- | C] () -- F:\WINDOWS\System32\ntio411.sys
[2008/05/07 12:00:00 | 00,035,424 | ---- | C] () -- F:\WINDOWS\System32\ntio412.sys
[2008/05/07 12:00:00 | 00,035,328 | ---- | C] () -- F:\WINDOWS\System32\mciqtz32.dll
[2008/05/07 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio804.sys
[2008/05/07 12:00:00 | 00,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio404.sys
[2008/05/07 12:00:00 | 00,033,840 | ---- | C] () -- F:\WINDOWS\System32\ntio.sys
[2008/05/07 12:00:00 | 00,029,370 | ---- | C] () -- F:\WINDOWS\System32\ntdos411.sys
[2008/05/07 12:00:00 | 00,029,274 | ---- | C] () -- F:\WINDOWS\System32\ntdos412.sys
[2008/05/07 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos804.sys
[2008/05/07 12:00:00 | 00,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos404.sys
[2008/05/07 12:00:00 | 00,027,866 | ---- | C] () -- F:\WINDOWS\System32\ntdos.sys
[2008/05/07 12:00:00 | 00,027,097 | ---- | C] () -- F:\WINDOWS\System32\country.sys
[2008/05/07 12:00:00 | 00,015,360 | ---- | C] () -- F:\WINDOWS\System32\tsd32.dll
[2008/05/07 12:00:00 | 00,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo.dll
[2008/05/07 12:00:00 | 00,013,312 | ---- | C] () -- F:\WINDOWS\System32\win87em.dll
[2008/05/07 12:00:00 | 00,012,082 | ---- | C] () -- F:\WINDOWS\System32\rsvp.ini
[2008/05/07 12:00:00 | 00,010,240 | ---- | C] () -- F:\WINDOWS\System32\scriptpw.dll
[2008/05/07 12:00:00 | 00,010,110 | ---- | C] () -- F:\WINDOWS\System32\mqperf.ini
[2008/05/07 12:00:00 | 00,009,029 | ---- | C] () -- F:\WINDOWS\System32\ansi.sys
[2008/05/07 12:00:00 | 00,006,877 | ---- | C] () -- F:\WINDOWS\System32\pschdprf.ini
[2008/05/07 12:00:00 | 00,004,768 | ---- | C] () -- F:\WINDOWS\System32\himem.sys
[2008/05/07 12:00:00 | 00,004,126 | ---- | C] () -- F:\WINDOWS\System32\msdxmlc.dll
[2008/05/07 12:00:00 | 00,003,458 | ---- | C] () -- F:\WINDOWS\System32\rasctrs.ini
[2008/05/07 12:00:00 | 00,002,891 | ---- | C] () -- F:\WINDOWS\System32\perfci.ini
[2008/05/07 12:00:00 | 00,002,732 | ---- | C] () -- F:\WINDOWS\System32\perfwci.ini
[2008/05/07 12:00:00 | 00,002,656 | ---- | C] () -- F:\WINDOWS\System32\netware.drv
[2008/05/07 12:00:00 | 00,001,405 | ---- | C] () -- F:\WINDOWS\msdfmap.ini
[2008/05/07 12:00:00 | 00,001,152 | ---- | C] () -- F:\WINDOWS\System32\perffilt.ini
[2008/05/07 12:00:00 | 00,000,343 | ---- | C] () -- F:\WINDOWS\System32\prodspec.ini
[2008/04/14 12:00:00 | 00,000,552 | ---- | C] () -- F:\WINDOWS\win.ini
[2008/04/14 12:00:00 | 00,000,227 | ---- | C] () -- F:\WINDOWS\system.ini
[2008/04/14 05:42:04 | 00,363,520 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/02/09 15:33:58 | 00,030,808 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2007/02/09 15:33:58 | 00,029,779 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,489 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2007/02/09 15:33:58 | 00,026,040 | ---- | C] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- F:\WINDOWS\System32\paqsp.dll

========== LOP Check ==========

[2009/04/12 05:14:52 | 00,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/12 18:01:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Nero
[2009/04/12 18:04:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ahead
[2009/04/12 18:15:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ATI
[2009/04/12 19:25:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/12 19:31:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/12 19:35:54 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/12 21:19:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/12 21:25:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Corel
[2009/04/12 21:36:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Roxio
[2009/04/12 21:37:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sonic
[2009/04/12 21:37:18 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/12 22:22:48 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2009/04/15 02:12:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/15 19:35:44 | 00,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\WD
[2009/04/15 22:11:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Memeo
[2009/06/10 18:51:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Brother
[2009/06/11 00:20:38 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/05 13:49:46 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NOS
[2009/10/27 00:44:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/29 00:44:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/07 16:10:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Apple
[2009/11/07 16:10:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/11/26 00:20:04 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 05:14:52 | 00,000,000 | --SD | M] -- F:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/04/12 17:57:34 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Identities
[2009/04/12 18:04:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Ahead
[2009/04/12 18:15:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\ATI
[2009/04/12 19:37:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Adobe
[2009/04/12 19:37:26 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/04/12 20:38:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/04/12 21:39:24 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\AdobeUM
[2009/04/12 22:04:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Corel
[2009/04/12 22:06:10 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Roxio
[2009/04/15 02:12:52 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\U3
[2009/06/10 19:32:56 | 00,000,000 | R--D | M] -- F:\Documents and Settings\Administrator\Application Data\Brother
[2009/07/11 16:01:20 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/07/21 21:46:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/12/07 12:28:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/08 19:35:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Administrator\Application Data\Windows Search
[2008/04/14 08:00:00 | 00,000,065 | RH-- | M] () -- F:\WINDOWS\Tasks\desktop.ini
[2009/12/08 19:18:46 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\Tasks\SA.DAT
[2009/11/27 10:16:02 | 00,000,284 | ---- | M] () -- F:\WINDOWS\Tasks\AppleSoftwareUpdate.job

========== Purity Check ==========


< End of report >