Possible CW infection? [Solved]


  • This topic is locked

#1
crdenny

Hi,

After many years of determined do-it-myself spyware removal, I've reached the point where I think it makes sense to ask for help. My processor has been running at 100% a great deal recently, feeling much slower than normal, and as a result I've done every diagnostic procedure I know: full virus scans with updated McAfee and Panda, plus McAfee Stinger, rootkit scan, MBAM and now HJT. In recent days, I've had a couple of, "Your computer has recovered from a serious error" warnings, with the Event Viewer saying, "McAfee McShield service received an invalid filename from the NaiFiltr device driver. Received name = Process = C:\windows\system32\SearchIndexer.exe."

Tonight, after updating HJT to v. 2.0.4, I suddenly see a brand-new pair of red-flagged entries (according to the automated analysis site, hjt.networktechs.com), "SharedTaskScheduler Registry Key autorun", with the comment, "Only a CWS variant has been known to use this. Consult a HJT expert before cleaning." I figure something's definitely up, and so I think I need to do just that.

Hoping you're willing to take a look at it, here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:12:21 AM, on 4/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\windows\Explorer.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\windows\system32\ICO.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\windows\system32\mmc.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100415150852.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187330032593
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.0_03) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driverage...driveragent.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Update Service (gupdate1c8ee19b2d69640) (gupdate1c8ee19b2d69640) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


I'd be very grateful for any help you can provide to clean up my system. Thank you very much!


#2
mpascal

Hi crdenny,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please follow the instructions found in the Malware and Spyware Cleaning Guide, and post back with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log
If you find you can't do one of the steps listed, simply make note of it and move on to the next one.

#3
crdenny

Thanks, mpascal - I really appreciate the help.

Below are the MBAM, GMER and OTL logs. Just in case it's relevant to reading the GMER log, I had to run that scan twice because the laptop crashed (blue screen error "due to a device or driver") in the middle of the first scan. After doing a little research to make sure GMER could be run this way, I ran it successfully in safe mode.

Looking forward to your reply.

Regards,

crdenny

______________________________________________________________________________

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/24/2010 11:50:04 PM
mbam-log-2010-04-24 (23-50-04).txt

Scan type: Quick scan
Objects scanned: 121945
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 06:24:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\uxldapod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\winlogon.exe[204] USERENV.dll!UnloadUserProfile + CF83 76A2A8AA 1 Byte [85]
.text C:\windows\system32\winlogon.exe[204] USERENV.dll!UnloadUserProfile + CF93 76A2A8BA 1 Byte [FF]
.text C:\windows\system32\winlogon.exe[204] USERENV.dll!UnloadUserProfile + D6A3 76A2AFCA 1 Byte [74]
.text C:\windows\Explorer.EXE[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVD Region+CSS Free\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected]del Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0x05 0x73 0x21 0xDD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[email protected]\4 0x04 0x00 0x00 0x00

---- EOF - GMER 1.0.15 ----

___________________________________________________________________________________

OTL logfile created on: 4/25/2010 6:55:53 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 455.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.90 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive D: | 66.41 Gb Total Space | 8.53 Gb Free Space | 12.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRDLAPTOP
Current User Name: Christopher Denny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/25 06:41:02 | 000,562,688 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2006/02/15 00:31:26 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2003/03/25 20:39:02 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
PRC - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PRC - [2003/03/17 12:00:00 | 000,081,920 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2003/03/14 13:00:00 | 000,266,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe
PRC - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/03/14 19:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (SafeList) ==========

MOD - [2010/04/25 06:41:02 | 000,562,688 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/11 17:25:20 | 000,025,640 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2006/10/05 17:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/02/15 00:31:26 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/02/14 23:11:36 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2003/03/25 20:39:02 | 000,262,144 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 20:03:24 | 000,536,648 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 14:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 18:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 18:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/01/05 18:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/05 18:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/01/05 18:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/05 18:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/01/05 18:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/05 18:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/07 06:02:33 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/09/30 17:00:57 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 11:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 11:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/22 21:12:13 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/01/25 23:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/13 14:53:20 | 000,213,888 | R--- | M] (Mediafour Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2006/09/05 03:16:04 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/08/16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2006/05/08 21:07:10 | 000,079,361 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1008.sys -- (RDID1008)
DRV - [2006/04/30 10:57:06 | 000,016,640 | R--- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2006/02/15 01:34:34 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/02/15 01:34:16 | 000,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/02/15 00:29:26 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\windows\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/02/14 23:17:54 | 000,107,008 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/04/19 18:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2004/03/10 17:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/09/02 22:47:00 | 000,596,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/10 19:35:58 | 000,093,700 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/04/11 07:40:40 | 000,056,234 | R--- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdwm1027.sys -- (RDID1027)
DRV - [2003/03/18 18:50:00 | 000,022,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/18 18:48:00 | 000,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/03/18 18:46:00 | 000,622,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/18 18:45:00 | 001,107,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/19 04:12:04 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/10/04 14:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/29 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/08/28 19:00:48 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2002/05/22 13:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2002/03/19 11:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/12/03 13:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 13:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/03/17 15:11:16 | 000,007,812 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\visorusb.dll -- (VisorUsb)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co...l={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local.,;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "UserLogos"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.no_proxies_on: "local.,"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/20 21:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/04/21 05:30:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/04/17 18:15:03 | 000,000,000 | ---D | M]

[2008/04/20 22:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Extensions
[2010/04/25 02:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions
[2008/07/25 04:23:11 | 000,000,000 | ---D | M] (Screen grab!) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
[2009/06/24 13:47:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 03:47:13 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/11/19 05:56:23 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}(2)
[2008/07/25 04:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/13 20:37:04 | 000,000,000 | ---D | M] (deskCut) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
[2008/07/25 04:23:11 | 000,000,000 | ---D | M] (Hyperwords™) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}(2)
[2010/04/16 04:03:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/09 03:59:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/16 04:03:33 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/30 18:20:02 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/03/30 18:20:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/09/10 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected](2).us
[2009/07/25 16:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2010/03/30 18:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2008/09/10 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2009/10/08 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2010/04/24 22:26:42 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\btjunkie.xml
[2008/02/05 00:20:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\siteadvisor.xml
[2009/02/24 03:30:00 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\surf-canyon.xml
[2009/01/06 03:36:43 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\userlogos.xml
[2008/02/02 19:39:52 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2009/09/30 10:22:14 | 000,339,671 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11646 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100415150852.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Pop-Up Blocker) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\windows\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - Startup: C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm ()
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187330032593 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.m...ted/mvt/mvt.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} http://messenger.zon...nt.cab55762.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8048.1475231481 (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driverage...driveragent.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.130 68.87.77.130
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\windows\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 00:15:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell - "" = AutoRun
O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell\AutoRun\command - "" = C:\windows\System32\url.dll -- [2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell - "" = AutoRun
O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell\AutoRun\command - "" = C:\windows\System32\url.dll -- [2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c9ff2191-2af5-11de-bff2-080046bc08e1}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Christopher Denny\Desktop\RE_ Missing emails...
File not found -- C:\Documents and Settings\Christopher Denny\Desktop\Just on the crazy, random chance you'll get this...
[2010/04/24 23:36:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/04/24 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/16 03:27:28 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Tax Forms - filed 2010
[2010/04/15 15:08:51 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
[2010/04/15 15:08:31 | 000,312,584 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
[2010/04/15 15:08:31 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeapfk.sys
[2010/04/15 15:08:31 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfendisk.sys
[2010/04/15 15:08:31 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
[2010/04/15 15:08:31 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfetdi2k.sys
[2010/04/15 15:08:31 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
[2010/04/08 00:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Sibelius Software
[2010/04/05 22:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Amazon
[2010/04/05 22:09:28 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\My Kindle Content
[2010/04/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\Amazon
[2010/03/31 04:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/23 12:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Desktop\CE
[2010/03/04 09:38:04 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Ask and Record Toolbar
[2010/03/02 18:16:23 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Application Data\setup_ldm.iss
[2010/03/01 10:28:01 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(5).sys
[2010/03/01 10:27:29 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(4).sys
[2010/03/01 10:27:01 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(3).sys
[2010/03/01 10:26:38 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(2).sys
[2010/03/01 10:25:41 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(1).sys
[2010/03/01 10:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2010/02/22 22:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/20 18:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/20 18:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/09 17:08:13 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2010/02/08 04:51:12 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Moyea
[2010/02/08 04:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Moyea
[2010/02/08 04:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/02/08 00:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\mdnslib
[2010/02/08 00:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\FLVService
[2010/02/07 01:20:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/02/07 01:20:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/02/07 01:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/03 22:02:38 | 021,757,952 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\ntuser.dat
[2010/02/02 13:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Desktop\Lee B.'s work

========== Files - Modified Within 90 Days ==========

File not found -- C:\Documents and Settings\Christopher Denny\Desktop\RE_ Missing emails...
File not found -- C:\Documents and Settings\Christopher Denny\Desktop\Just on the crazy, random chance you'll get this...
[2010/04/25 06:31:45 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/04/25 06:31:15 | 000,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010/04/25 06:31:14 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 06:31:03 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/25 06:31:00 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/25 06:30:58 | 1005,637,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/25 06:25:25 | 021,757,952 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\ntuser.dat
[2010/04/25 06:25:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Christopher Denny\ntuser.ini
[2010/04/25 03:27:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 01:33:00 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/24 23:36:05 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/24 22:23:24 | 000,000,067 | ---- | M] () -- C:\windows\DVDRegionFree.INI
[2010/04/23 02:54:51 | 000,093,640 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/23 01:16:10 | 001,252,276 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\pp-i-once-knew - must use debit no as pwd.pdf
[2010/04/21 23:50:26 | 010,336,953 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Not_Afraid_Benj_Pasek_sings_song_by_Michael_Arden.mp4
[2010/04/21 23:49:53 | 009,777,471 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Anytime_U_of_Michigan_MTs__Jake_Wilson_and_Benj_Pasek.mp4
[2010/04/21 05:55:04 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 05:49:50 | 000,004,320 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Fw_ Song list from jess.eml
[2010/04/21 05:49:40 | 000,013,162 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Adam's song list.eml
[2010/04/21 00:03:17 | 000,156,672 | ---- | M] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe
[2010/04/21 00:03:10 | 000,237,568 | ---- | M] () -- C:\windows\System32\rmc_rtspdl.dll
[2010/04/20 21:17:42 | 000,324,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/04/19 04:50:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\~$B 2010 Script - CRD - with likely music cues.doc
[2010/04/17 21:23:07 | 000,063,398 | ---- | M] () -- D:\Christopher Denny's Documents\Happy To Keep His Dinner Warm.pdf
[2010/04/17 21:21:22 | 000,101,706 | ---- | M] () -- D:\Christopher Denny's Documents\The Prayer.pdf
[2010/04/17 17:35:55 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2010/04/17 02:19:39 | 000,001,068 | ---- | M] () -- C:\windows\win.ini
[2010/04/17 02:19:39 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/04/17 02:19:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/16 16:31:21 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:53:21 | 000,029,550 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\LGA-ORD Flight Itinerary - AA.com 4-24-10.eml
[2010/04/14 00:44:10 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2010/04/12 04:21:12 | 000,068,196 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/04/08 15:21:53 | 000,002,987 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Peter Fox sent you a message on FacebooK.eml
[2010/04/05 22:09:16 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kindle For PC.lnk
[2010/04/05 19:17:11 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\BRENT - Re Schedule.eml
[2010/04/05 05:11:40 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/03/31 04:30:30 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\iTunes.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/23 03:48:31 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\are you available_.eml
[2010/03/14 12:56:48 | 000,495,716 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/03/14 12:56:48 | 000,091,564 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/03/14 12:56:47 | 000,598,116 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/03/02 18:16:23 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\setup_ldm.iss
[2010/03/02 08:49:04 | 000,000,306 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/03/02 01:18:29 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/03/01 10:20:07 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\inst.exe
[2010/03/01 10:20:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.sys
[2010/03/01 10:20:06 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.cat
[2010/03/01 10:20:06 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.inf
[2010/02/26 19:39:34 | 000,114,762 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Tammy Grimes - Wikipedia.pdf
[2010/02/24 17:59:30 | 000,150,779 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Chocolate rugelach, with gluten-free variation - Salon.com 2-24-10.pdf
[2010/02/20 01:28:27 | 000,013,504 | ---- | M] () -- D:\Christopher Denny's Documents\How To Make Gluten-Free Flour Tortillas.htm
[2010/02/18 02:33:14 | 000,018,511 | ---- | M] () -- D:\Christopher Denny's Documents\finale-b-lyrics-rent.html
[2010/02/14 02:22:42 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/08 00:43:41 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\windows\System32\AUDIOGENIE2.DLL
[2010/01/29 06:11:25 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Classical KUSC, L.A. - LIVE.url

========== Files Created - No Company Name ==========

[2010/04/25 06:30:58 | 1005,637,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/24 23:36:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/24 04:33:36 | 001,252,276 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\pp-i-once-knew - must use debit no as pwd.pdf
[2010/04/22 01:45:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\TAMMY GRIMES.doc
[2010/04/22 00:17:33 | 009,777,471 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Anytime_U_of_Michigan_MTs__Jake_Wilson_and_Benj_Pasek.mp4
[2010/04/22 00:17:23 | 010,336,953 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Not_Afraid_Benj_Pasek_sings_song_by_Michael_Arden.mp4
[2010/04/21 18:32:00 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\SONG LISTS - Adam & Jess.doc
[2010/04/21 05:49:50 | 000,004,320 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Fw_ Song list from jess.eml
[2010/04/21 05:49:40 | 000,013,162 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Adam's song list.eml
[2010/04/19 04:50:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\~$B 2010 Script - CRD - with likely music cues.doc
[2010/04/17 21:22:42 | 000,063,398 | ---- | C] () -- D:\Christopher Denny's Documents\Happy To Keep His Dinner Warm.pdf
[2010/04/17 21:21:14 | 000,101,706 | ---- | C] () -- D:\Christopher Denny's Documents\The Prayer.pdf
[2010/04/16 16:31:21 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:53:20 | 000,029,550 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\LGA-ORD Flight Itinerary - AA.com 4-24-10.eml
[2010/04/08 15:21:53 | 000,002,987 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Peter Fox sent you a message on FacebooK.eml
[2010/04/05 22:09:16 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kindle For PC.lnk
[2010/04/05 19:17:11 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\BRENT - Re Schedule.eml
[2010/03/31 04:30:30 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\iTunes.lnk
[2010/03/23 03:48:31 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\are you available_.eml
[2010/02/26 19:39:28 | 000,114,762 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Tammy Grimes - Wikipedia.pdf
[2010/02/24 17:59:29 | 000,150,779 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Chocolate rugelach, with gluten-free variation - Salon.com 2-24-10.pdf
[2010/02/20 01:28:25 | 000,013,504 | ---- | C] () -- D:\Christopher Denny's Documents\How To Make Gluten-Free Flour Tortillas.htm
[2010/02/18 02:33:13 | 000,018,511 | ---- | C] () -- D:\Christopher Denny's Documents\finale-b-lyrics-rent.html
[2010/02/14 02:22:42 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/03 07:34:00 | 000,068,196 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/01/29 06:10:44 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Classical KUSC, L.A. - LIVE.url
[2009/09/24 18:51:18 | 000,000,204 | ---- | C] () -- C:\windows\struct~.ini
[2009/05/20 02:35:36 | 000,010,886 | ---- | C] () -- C:\windows\System32\RdCi1008.dll
[2009/02/26 05:29:07 | 000,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll
[2008/12/31 17:04:42 | 000,693,792 | ---- | C] () -- C:\windows\System32\OGACheckControl.DLL
[2008/12/22 06:43:41 | 000,000,171 | ---- | C] () -- C:\windows\wininit.ini
[2008/12/19 08:17:54 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2008/11/03 06:07:32 | 000,000,067 | ---- | C] () -- C:\windows\DVDRegionFree.INI
[2008/10/28 18:20:09 | 000,000,032 | ---- | C] () -- C:\windows\System32\thxcfg.ini
[2008/09/30 15:54:12 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2008/08/05 02:07:20 | 000,065,216 | ---- | C] () -- C:\windows\System32\PDFreDirectMonNT.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2008/04/02 07:27:03 | 000,000,001 | ---- | C] () -- C:\windows\pvc11.dll
[2008/03/21 05:04:01 | 000,000,014 | ---- | C] () -- C:\windows\System32\SysEngine2.SYS
[2008/03/03 20:07:58 | 000,021,504 | ---- | C] () -- C:\windows\System32\WBCustomizer.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\windows\System32\OnlineScannerLang.dll
[2007/11/08 06:59:30 | 000,051,712 | ---- | C] () -- C:\windows\wc98pp.dll
[2007/10/13 03:11:42 | 000,394,240 | ---- | C] () -- C:\windows\System32\Smab.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\windows\System32\lnod32apiA.dll
[2007/04/20 00:43:33 | 001,936,528 | ---- | C] () -- C:\windows\System32\ltmm15.dll
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\windows\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2007/03/06 05:14:48 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2007/01/31 05:37:46 | 000,066,482 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2007/01/25 23:45:02 | 000,006,784 | ---- | C] () -- C:\windows\System32\drivers\whfltr2k.sys
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2007/01/05 06:17:56 | 000,086,016 | ---- | C] () -- C:\windows\System32\ati2evxx.dll
[2006/12/24 03:47:38 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2006/12/24 03:47:37 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2006/12/22 00:47:35 | 000,000,029 | ---- | C] () -- C:\windows\atid.ini
[2006/11/04 22:11:08 | 000,684,032 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2006/11/04 22:11:08 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2006/10/08 13:26:13 | 000,049,152 | ---- | C] () -- C:\windows\System32\OctaneARM.dll
[2006/09/08 22:18:06 | 000,000,037 | ---- | C] () -- C:\windows\cdplayer.ini
[2006/07/20 19:07:44 | 000,000,048 | ---- | C] () -- C:\windows\System32\msvcsv60.dll
[2006/07/20 03:45:12 | 000,000,003 | ---- | C] () -- C:\windows\System32\ceme11.dll
[2006/07/20 01:19:40 | 000,217,088 | ---- | C] () -- C:\windows\System32\qtmlClient.dll
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\windows\System32\LDecVorbis.dll
[2006/03/20 07:44:24 | 000,684,032 | ---- | C] () -- C:\windows\libeay32.dll
[2006/03/20 07:44:24 | 000,155,648 | ---- | C] () -- C:\windows\ssleay32.dll
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\windows\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\windows\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\windows\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\windows\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\windows\System32\LMOggMux.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\windows\System32\lnod32upd.dll
[2004/11/24 05:50:48 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2004/03/18 09:44:29 | 001,663,068 | ---- | C] () -- C:\windows\System32\libmmd.dll
[2004/03/06 23:58:27 | 000,007,812 | ---- | C] () -- C:\windows\System32\visorusb.dll
[2004/03/04 02:00:51 | 000,000,210 | ---- | C] () -- C:\windows\System32\sr2spec.ini
[2004/03/04 01:24:01 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2003/12/19 22:36:10 | 000,000,031 | ---- | C] () -- C:\windows\AuthMgr.INI
[2003/04/09 20:21:42 | 000,000,052 | ---- | C] () -- C:\windows\intuprof.ini
[2003/04/09 20:21:18 | 000,000,626 | ---- | C] () -- C:\windows\QUICKEN.INI
[2003/04/09 20:13:19 | 000,041,068 | ---- | C] () -- C:\windows\System32\ActPanel.dll
[2003/04/09 20:02:09 | 000,019,968 | ---- | C] () -- C:\windows\System32\Cpuinf32.dll
[2003/04/09 19:59:43 | 000,262,416 | ---- | C] () -- C:\windows\System32\ASFV2.DLL
[2003/04/09 19:50:34 | 000,524,288 | ---- | C] () -- C:\windows\System32\TDI-SonyOMG.dll
[2003/04/09 14:40:11 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2003/04/09 00:33:31 | 000,000,805 | ---- | C] () -- C:\windows\orun32.ini
[2003/04/08 23:59:00 | 000,000,682 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\windows\streamhlp.dll
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\windows\System32\winchip.dll
[1997/08/19 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1997/08/19 01:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

========== LOP Check ==========

[2006/08/08 01:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/08/02 18:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/07/27 07:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/01/01 22:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2009/11/10 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/04 08:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/12/05 05:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/01/25 23:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Output
[2010/04/18 22:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/10/06 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/01/12 06:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2005/02/18 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/09/24 18:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay
[2006/07/20 01:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/02/14 02:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/11/01 13:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/09/25 03:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
[2009/11/07 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/18 06:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/04 04:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/11 01:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/02/11 19:01:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2008/09/26 08:15:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1DC85608-1717-479C-A3DD-EB460E4D4F9C}
[2009/04/30 01:04:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{203DB912-4B39-4636-930F-102CFD1E9177}
[2010/03/31 04:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/06 04:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/01 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/29 19:28:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2005/04/03 03:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\3M
[2006/07/20 02:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Ableton
[2006/12/22 01:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\acccore
[2004/11/19 02:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Aim
[2010/04/05 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Amazon
[2009/12/06 05:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\AnvSoft
[2010/03/05 17:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any Audio Converter
[2009/11/07 21:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any DVD Converter Professional
[2009/12/04 17:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any Video Converter
[2010/01/05 02:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Audacity
[2009/11/24 17:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\BitTorrent
[2007/07/25 22:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\BitZipper
[2008/12/06 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Blackberry Desktop
[2010/02/02 05:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Celemony Software GmbH
[2009/05/17 20:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2009/12/08 20:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/12/05 06:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\dba2csv
[2009/12/10 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Desktopicon
[2010/01/03 02:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Digidesign
[2009/04/17 01:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\DNA
[2007/10/11 05:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\DVDFab
[2003/12/19 22:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Earthlink
[2007/11/29 04:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Facebook
[2008/03/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\FileZilla
[2008/12/06 14:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\GetRightToGo
[2009/10/19 00:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HandBrake
[2008/12/05 05:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HotSync
[2008/05/08 03:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HouseCall 6.6
[2008/12/06 14:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\ICAClient
[2003/04/09 20:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\InterTrust
[2007/10/15 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\InterVideo
[2009/01/15 03:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\IObit
[2009/01/25 23:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\j2 Global
[2007/10/12 18:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\j2 Messenger
[2008/09/16 05:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Leadertech
[2010/02/08 04:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Moyea
[2008/12/06 15:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\OfficeUpdate12
[2009/11/03 18:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\OpenOffice.org
[2009/09/20 03:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Opera
[2009/10/06 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PACE Anti-Piracy
[2008/12/05 22:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PDF reDirect
[2008/01/12 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PGP Corporation
[2006/07/25 21:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Propellerhead Software
[2008/12/06 00:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Research In Motion
[2007/10/16 03:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\RTPlayer
[2008/12/06 14:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Runaware
[2005/09/24 01:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Seven Zip
[2008/12/25 18:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Smilebox
[2007/07/18 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\stickies
[2008/09/11 00:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\System Tweaker
[2008/05/01 00:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Trillium Lane
[2008/10/28 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TrojanHunter
[2009/10/10 02:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TrueCrypt
[2008/09/16 02:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\tunebite
[2006/03/23 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software
[2008/09/26 08:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Uniblue
[2008/05/19 05:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\VersionTracker Pro
[2009/10/04 04:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Viewpoint
[2010/03/01 10:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Vso
[2008/12/07 08:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Windows Desktop Search
[2009/01/04 16:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Windows Search
[2007/10/25 03:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Winff
[2010/04/25 01:33:00 | 000,000,472 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Update (Weekly).job
[2003/12/19 21:50:34 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 1.job
[2003/12/19 21:50:34 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 2.job
[2003/12/19 21:50:35 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/06/22 08:03:32 | 000,115,200 | ---- | M] (Adaptec) -- C:\aspichk.exe


< MD5 for: AGP440.SYS >
[2004/09/09 02:25:27 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/11 15:24:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/09 02:25:27 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/11 15:24:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/09 02:25:27 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/11 15:24:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/09/09 02:25:27 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/11 15:24:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/01/16 16:15:10 | 000,131,072 | ---- | M] (EarthLink, Inc.) MD5=634F28A7A184F5F31464105A9B682A1E -- C:\Program Files\EarthLink TotalAccess\EventLog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/04/08 17:02:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/04/08 17:02:49 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/04/08 17:02:49 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/01 10:20:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 993 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UUm5uGMBxnSKCJQk8Niggsg7
@Alternate Data Stream - 983 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dkyn1rAQ0bnY9e5KvKlGKcG0jNwF1l
@Alternate Data Stream - 905 bytes -> C:\Program Files\Common Files\System:7ZMFV2aXluSo9xqp0PS
@Alternate Data Stream - 836 bytes -> C:\Program Files\Common Files\Microsoft Shared:O0sXooFDVJNhEVJehPM
@Alternate Data Stream - 1234 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:HZDh2Koil8IpcMkmiIe2
@Alternate Data Stream - 1214 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\jDdpyYR4bMbZpZ:5VEQhZSKWduOAm8vTafNYz
@Alternate Data Stream - 1210 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:YqtAUblCldNOr2bBQppf9b
@Alternate Data Stream - 1206 bytes -> C:\Program Files\Common Files\System:BXOAPYMNZZGQDJyimKx0lqGq0h
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\g65adEalDxs:0SqVk49VOhWto8VMcIOPTz9Lzv0v3S
@Alternate Data Stream - 1129 bytes -> C:\Program Files\WindowsUpdate:3kDBQh3FNji3Fbo0zLa3B
@Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\Christopher Denny\Cookies:9gZNdGmY1WRXPWovinHoEtC
@Alternate Data Stream - 1091 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MEPxk8sVwsMsoBiz6TM
@Alternate Data Stream - 1088 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v1ITL6jTmomElfxotulieJQZQQfBSB
@Alternate Data Stream - 1081 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:71lsx55yu3PDOSarKTBTTL1OSZr
@Alternate Data Stream - 1068 bytes -> C:\Program Files\Common Files\Microsoft Shared:unW7ueg8eJC3RzWC3G
@Alternate Data Stream - 1050 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:aiElqAEa9BvaUqcGF
@Alternate Data Stream - 1049 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gfYScjzzjwbCIabQiu0kGW
@Alternate Data Stream - 1038 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\tLfNsa6o:LntiAnb1ULOBSlHHn2xqTPZ
@Alternate Data Stream - 1034 bytes -> C:\Program Files\Common Files\Microsoft Shared:dAXLEgi118QsIWZrF
@Alternate Data Stream - 1030 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5AlNF84LydZnlYP6dUk3cJ
@Alternate Data Stream - 1017 bytes -> C:\Program Files\WindowsUpdate:3do6GzrXUiTpa8tW2lJBMdm
@Alternate Data Stream - 1017 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VaVNWtm6prMZcmdYU2NBJC
@Alternate Data Stream - 1005 bytes -> C:\Program Files\Common Files\System:pxcayi7CNEiBvlYadpgSnHgqZOD
< End of report >

< MD5 for: [2004/01/16 16:15:10 | 000,131,072 | ---- | M] (EARTHLINK, INC.) >
[2004/01/16 16:15:10 | 000,131,072 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\EventLog.dll

< MD5 for: [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< End of report >

_______________________________________________________________________________

OTL Extras logfile created on: 4/25/2010 6:55:53 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 455.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.90 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive D: | 66.41 Gb Total Space | 8.53 Gb Free Space | 12.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRDLAPTOP
Current User Name: Christopher Denny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module -- (Support.com, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- (EarthLink, Inc.)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Christopher Denny\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Christopher Denny\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{035715B2-5E3F-434B-A9AD-0233598D4127}" = SampleTank 2 SE
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{06916226-680C-44DC-9419-D988BD3FF0F7}" = Digidesign Dynamics III 6.9
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.5
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{25F9791C-B446-462D-BDC6-F95BCBB81851}" = EarthLink Spyware Blocker
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{279C4248-7769-45CA-A03F-E8339954C4F3}" = EarthLink Redistributed
"{27C5164D-ED0E-4D64-B788-93305BD62100}" = PictureGear Studio 1.0
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{28336AFC-722C-4E17-B286-2A7C906183C0}" = ImageStation Tour
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A011F38-2F3B-484F-9595-E8462430F0BF}" = ELNBonus
"{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Standard Trial Edition) 4.3.0
"{2BDFCEE7-68EC-4288-AEA3-4DB96841141B}" = j2 Messenger
"{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{3147661C-2807-49EC-B971-3B0F23D95018}" = VAIO DeepSea Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}" = Experience VAIO
"{374E48BA-CBC1-4134-86B9-7A97B0E76B2E}" = Home Office Page for Experience VAIO
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3ED83851-9BC5-4554-BE2D-D262C0585DE3}" = Melodyne plugin
"{3F8B1EA7-8674-427F-A0FE-B4BCD135C345}" = Dba2Csv
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51487A3E-7A7D-46D8-B7E5-7F85B57B8C2F}" = EarthLink Common
"{51E5A015-7C21-483F-AA74-5FDDED3B9FF8}" = Digidesign Maxim
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{595B0821-BEDB-4C5C-A9A9-87B8377A70FD}" = Canopus DV File Converter
"{6050F8C7-C677-4977-A4D1-05817587D747}" = Melodyne editor Beta
"{62329568-19B5-43CF-9524-3EE4DD709D01}" = EarthLink Pop-Up Blocker
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.5
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.4.05
"{7DF3110A-5861-4508-BAEB-54A09E650691}" = Digidesign Pro Tools Documentation 7.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83670AE5-73B8-49E0-933E-954987391587}" = EarthLink Update Manager
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C49987B-689E-469D-86AE-8E325A038701}" = Melodyne plugin
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.839
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{936FADC9-C609-471A-B6F2-A33E2E660D1A}" = Sony Notebook Setup
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9717EE69-75AF-45F9-B6B4-3022F69EF186}" = Digidesign Pro Tools LE 7.1
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}" = MelodyneEssential 1.8
"{9E30D77F-CE1B-4674-8AFB-0DE22E5AC3A8}" = VAIO Media Photo Server 2.5
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A09ABB28-33D6-4662-8282-C46D480BE863}" = TL Space Native 7.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65BACB2-6BE3-4034-8342-EDCF3DF6806D}" = Digidesign DigiRack Time Shift
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA52B348-0683-49B3-BE24-8D042C7AC544}" = Deal Info
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TaskPanel
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6290E91-61CA-48F3-A0EB-716AB60C782F}" = T-RackS EQ
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop and Synchronization Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C1EDC38F-2760-4A4E-9CED-95B53024134C}" = VersionTracker Pro Windows
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C69AEBA2-6BDC-4C84-9275-6A48D4E1E4B1}" = EarthLink MailBox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE180CC-F0A1-42E8-9175-CD7F2D28A95D}" = Digidesign DigiRack SignalTools
"{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}" = VAIO Media Setup 2.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1839CE2-E7C6-4871-A7FB-ABC37432E99A}_is1" = Power Video Cutter 3.5
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D9C3CDEB-BC7F-4CB3-BC92-719B365DF28E}" = EarthLink IM
"{DA710550-08C4-4845-A151-21D6DC9ED6D1}" = InterLok Driver Kit
"{DBC9D073-4D16-49E6-A005-D6EA8F887CA4}" = Melodyne editor Beta
"{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.5
"{DF733005-0F40-11D6-9254-0000F460E7A9}" = VAIO Media Music Server 2.5
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA8CE34B-C4C6-41DB-9AD2-5C73AC7A9A59}" = New York Times - Times Reader
"{EC4194AF-7CC9-4FD2-9909-B413DC04C2FC}" = vEMDR Lite
"{EC7C436A-D29E-423A-A97B-A87E9760CA14}" = AmpliTube LE
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDEAF307-51B7-41FF-8B08-AE646117172E}" = Microsoft Upgrade Offer
"{EE031CEC-748D-429A-9A5C-8C53CD193335}" = BlackBerry Device Software Updater
"{EE4E7E75-A4A6-4C3D-9F70-C276FA43205A}" = MacDrive 6
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3994FBE-9DCB-4F13-9A8F-0CA969DB68CD}" = Dba2Csv
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20080908
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDC8CD49-CAC3-0991-28F6-4DF507176AC1}" = Times Reader
"{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}" = DVD Creation
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"1DFA5A2C8F9A29900D86649C1BA251AC4E847D62" = Windows Driver Package - Intel net (05/09/2007 11.1.0.110)
"7-Zip" = 7-Zip 4.65
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"AbiWord2" = AbiWord 2.6.8
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Any Audio Converter_is1" = Any Audio Converter 2.0.5
"Any Video Converter_is1" = Any Video Converter 3.0.3
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Audiotools" = Audiotools v5.35
"BitZipper Trial_is1" = BitZipper 5.0.1
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"C13F055D3C0F7A5ABC1FA9D9805182F8A9C54216" = Windows Driver Package - Intel net (05/09/2007 11.1.0.110)
"CCleaner" = CCleaner (remove only)
"Chopper_is1" = Chopper XP 2.3
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8158104D" = SoftK56 Data Fax CARP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"dcmsvc_is1" = dcmsvc 1.0
"Discware Lite" = Discware Lite
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.3
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.2.0
"EarthLink TotalAccess 2004" = EarthLink TotalAccess 2004
"eBay Icon" = eBay Icon
"eIMAGE Recovery" = eIMAGE Recovery
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"Facebook" = Facebook Desktop
"FavOrg" = FavOrg
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.0.7.1
"Finale 2002" = Finale 2002
"Finale NotePad 2008" = Finale NotePad 2008
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"Garritan Personal Orchestra" = Garritan Personal Orchestra
"GOM Player" = GOM Player
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"HijackThis / CWShredder Installer_is1" = HijackThis / CWShredder Installer 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Legacy 6.0" = Legacy 6.0
"legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package
"Live 5.2" = Live 5.2
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.4
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-02-25-01
"PDF reDirect" = PDF reDirect (remove only)
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Replay Media Catcher 3.11" = Replay Media Catcher
"Replay_Converter_1" = Replay Converter 3.0B6
"Replay_Screencast_1.0" = Replay Screencast 1.21
"Shockwave" = Shockwave
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Smart Defrag_is1" = Smart Defrag
"Solero Music Control_is1" = Solero Music Control 1.0.1.7
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.29.370
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpeedFan" = SpeedFan (remove only)
"STANDARDR" = Microsoft Office Standard 2007 Trial
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"System Tweaker_is1" = Uniblue System Tweaker
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TrojanHunter_is1" = TrojanHunter 5.2
"TrueCrypt" = TrueCrypt
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Unlocker" = Unlocker 1.8.8
"VAIO Support" = VAIO Support
"VindigoLink" = VindigoLink
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 0.31
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"WM Recorder 11.2" = WM Recorder 11.2
"WM Recorder 12.0" = WM Recorder 12.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xpand!_is1" = Xpand!
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"zipitfree1.80" = ZipItFree 1.90

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Adobe Digital Editions" = Adobe Digital Editions
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 11:56:11 PM | Computer Name = CRDLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2010 12:02:49 AM | Computer Name = CRDLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3384 (0xd38) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Replay
Media Catcher\plugins\plugin_zrtsp.dll by C:\Program Files\Replay Media Catcher\MediaCatcher.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 4/21/2010 3:02:19 PM | Computer Name = CRDLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2010 3:02:24 PM | Computer Name = CRDLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 4/21/2010 4:48:25 PM | Computer Name = CRDLAPTOP | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.2.0.723
Exception
Code : 0XC0000005 Exception Address : 0X1226C2C3 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X122794A0 More information :

Error - 4/21/2010 4:49:55 PM | Computer Name = CRDLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3408 (0xd50) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\26259_757786223380_20920854_41941259_134809_n.jpg

by C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/21/2010 10:33:47 PM | Computer Name = CRDLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application finale.exe, version 7.0.0.0, faulting module
finale.exe, version 7.0.0.0, fault address 0x00044fc5.

Error - 4/22/2010 11:50:34 PM | Computer Name = CRDLAPTOP | Source = ESENT | ID = 474
Description = wuauclt (808) The database page read from the file "C:\windows\SoftwareDistribution\DataStore\DataStore.edb"
at offset 20914176 (0x00000000013f2000) for 4096 (0x00001000) bytes failed verification
due to a page checksum mismatch. The expected checksum was 3552361153 (0xd3bcbac1)
and the actual checksum was 3550001857 (0xd398bac1). The read operation will fail
with error -1018 (0xfffffc06). If this condition persists then please restore
the database from a previous backup.

Error - 4/23/2010 2:52:53 AM | Computer Name = CRDLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.1.0.79, faulting module
corefoundation.dll, version 1.550.17.21, fault address 0x0003add3.

Error - 4/23/2010 2:52:59 AM | Computer Name = CRDLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1791236810.

[ OSession Events ]
Error - 6/29/2009 11:24:54 AM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 11:25:12 AM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 9:34:51 PM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 4:00:08 AM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 4:00:21 AM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/9/2009 3:27:25 PM | Computer Name = CRDLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/25/2010 6:25:24 AM | Computer Name = CRDLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VAIO Media Music Server
service to connect.

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7000
Description = The VAIO Media Music Server service failed to start due to the following
error: %%1053

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (HTTP) service depends on the VAIO Media
Music Server service which failed to start because of the following error: %%1053

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (UPnP) service depends on the VAIO Media
Music Server (HTTP) service which failed to start because of the following error:
%%1068

Error - 4/25/2010 6:31:39 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 4/25/2010 6:33:09 AM | Computer Name = CRDLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 4/25/2010 6:34:24 AM | Computer Name = CRDLAPTOP | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >

#4
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi crdenny,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1e509080-8f80-11da-aef0-080046bc08e1}\Shell\AutoRun\command - "" = C:\windows\System32\url.dll -- [2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3fe7d390-14d2-11dc-9065-080046bc08e1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{669b5380-8f7a-11da-aeee-080046bc08e1}\Shell\AutoRun\command - "" = C:\windows\System32\url.dll -- [2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{c9ff2191-2af5-11de-bff2-080046bc08e1}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe -- File not found
    [2010/04/21 00:03:17 | 000,156,672 | ---- | M] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe
    [2010/04/21 00:03:10 | 000,237,568 | ---- | M] () -- C:\windows\System32\rmc_rtspdl.dll
    [2010/03/01 10:20:07 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\inst.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log


#5
crdenny

    Member

  • Topic Starter
  • Member
  • 67 posts
Hi again,

Below are the MBAM and Kaspersky logs. Just FYI, I had to re-run the Kaspersky scan - the first time, I had something like 7-8 hours until it would be time to leave (with my laptop) to catch a plane, and naturally assumed the scan would be long finished by then, but it was only 45% done in that time. It had flagged one trojan, which I could swear was labeled as a Vundo variant. In the complete scan I did as soon as I arrived home (which took almost 11 hours), the virus was found at the same exact point in the scan, (I think) while scanning the DVDFab folder in My Docs, but has a different name. I wasn't able to save a log of the first scan attempt; the log I'm including below is of the second, complete scan.

Also, in spite of my having stopped the McAfee On-Access Scanner, set to resume only after a reboot, midway through the scan a "McAfee" popup said a restart was now required to complete an update to a "new version"; I kept closing that, but found that McShield.exe was now in the Task Scheduler and gave me an error message if I tried to stop it by any method. And finally, now after finishing the scan and rebooting, the McAfee On-Access Scanner goes off in a second each time I try to start it. So I assume this virus is pretty diabolical...

Thanks so much for your help! I hope you can help me clean this mess up. Here are the logs.

________________________________________________________________________________

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/26/2010 1:41:00 AM
mbam-log-2010-04-26 (01-41-00).txt

Scan type: Quick scan
Objects scanned: 122023
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________________________________________________________________________

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, April 27, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 26, 2010 16:54:43
Records in database: 3981944
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 145263
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 10:44:23


File name / Threat / Threats count
D:\Christopher Denny's Documents\DVDFab\Temp\Update\Update.exe Infected: Trojan.Win32.Agent.cziy 1

Selected area has been scanned.

#6
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
I believe the DVDFab is a false positive from what I've seen. Is McAfee detecting viruses?

#7
crdenny

    Member

  • Topic Starter
  • Member
  • 67 posts
No, McAfee has detected nothing. Then again, I haven't trusted McAfee for quite a while. Last night, after running the Kaspersky scan, the McAfee on-access scanner refused to let me turn it on, turning itself off a dozen times within a second after each time I enabled it. Miraculously, after another reboot or two, that stopped happening and now it's staying on. Over the last few months, I've very often gotten the "Your Computer Is At Risk" popup from McAfee shortly after booting up, telling me that the scanner (and often all other safeguards) are disabled. Normally, I can manually enable them at that point.

On a side note, I forgot to mention that, when I booted up the laptop after my flight in order to do (or re-do, since I'd had to abort the first one) the Kaspersky scan, all the hidden files which had been visible on my desktop since performing the OTL fix had disappeared again. Wondered if that should have happened, if it could have indicated settings changed somehow, by something...

If your guess is that, in fact, there's no malware, it strikes me that that's actually much worse news for me than if there is some. I have been assuming that my computer's many recent deficiencies - endless winlogon errors/crashes (again, until the last couple of days, and always associated with explorer.exe), my processor endlessly reaching and staying at 100% when performing tasks that didn't used to tax it (it sat at 100% for most of the 11-hour Kaspersky scan), and, for example, my inability to ever play iTunes video anymore (which never used to be a problem) due to the processor maxing out and the video just staggering from still frame to still frame - were all likely due to a virus or rootkit. Seeing the Vundo label come up during the truncated Kasp scan seemed edifying since I'd read that Vundo trojans are known for maxing out the processor AND for causing that very explorer/winlogon error, and I've heard they routinely disable McAfee, MBAM and TrojanHunter - even VundoFix itself - to render themselves invisible. If none of that is the case here, then I guess I need to move to the correct forum to start investigating whether my processor is on its last legs and/or other hardware is failing, etc. Ugh!

In any case, I'd appreciate your best suggestion on how to proceed. Thanks!!

#8
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
We'll do a few more scans just to make sure there is nothing else hiding there. :)

Please download ComboFix and save it to your Desktop.

NOTE: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post C:\Combo-Fix.txt in your next post.
**Note: Do not click the ComboFix window while it's running. That may cause it to stall**

#9
crdenny

    Member

  • Topic Starter
  • 67 posts
Thanks again, mpascal. I appreciate your patience!!

Here is the ComboFix log:
_________________________________________________________________________________

ComboFix 10-04-26.05 - Christopher Denny 04/27/2010 21:02:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.517 [GMT -4:00]
Running from: c:\documents and settings\Christopher Denny\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Christopher Denny\Application Data\Desktopicon
c:\documents and settings\Christopher Denny\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Christopher Denny\Application Data\Desktopicon\uninst.exe
c:\recycler\S-1-5-21-1454471165-1606980848-1343024091-1003
c:\recycler\S-1-5-21-1622075457-4190166159-1166663442-1003
c:\recycler\S-1-5-21-1669927297-3835548194-1318120790-1003
c:\recycler\S-1-5-21-2006581451-2478246654-2073022256-1003
c:\recycler\S-1-5-21-2123448451-792946353-3073278868-1003
c:\recycler\S-1-5-21-2169411743-2961379330-4240802818-1003
c:\recycler\S-1-5-21-4205138817-1442943644-735762108-1003
c:\windows\eSellerateEngine.dll
c:\windows\explorer(2).exe
c:\windows\struct~.ini
c:\windows\system32\Download
c:\windows\system32\Download\ispinfo.csv
c:\windows\system32\logs
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wc98pp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCPATCH
-------\Legacy_WKSPATCH


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 00:11 . 2010-04-28 00:11 -------- d-----w- c:\windows\LastGood.Tmp
2010-04-27 08:37 . 2010-04-27 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TrojanHunter
2010-04-27 08:37 . 2010-04-28 00:29 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-04-25 03:35 . 2010-04-25 03:36 -------- d-----w- c:\program files\ERUNT
2010-04-15 19:08 . 2010-04-14 16:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-15 19:08 . 2010-04-14 16:29 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-15 19:08 . 2010-04-14 16:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-15 19:08 . 2010-04-14 16:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-15 19:08 . 2010-04-14 16:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-15 19:08 . 2010-04-14 16:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-15 19:08 . 2010-04-14 16:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-08 04:58 . 2010-04-08 04:58 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Sibelius Software
2010-04-06 02:09 . 2010-04-06 02:09 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Amazon
2010-04-06 02:09 . 2010-04-06 02:09 -------- d-----w- c:\documents and settings\Christopher Denny\Local Settings\Application Data\Amazon
2010-03-31 08:21 . 2010-03-31 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 23:49 . 2008-10-28 22:19 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-04-27 23:48 . 2009-10-05 08:28 -------- d-----w- c:\program files\TrojanHunter 5.2
2010-04-25 16:39 . 2007-09-14 06:50 -------- d-----w- c:\program files\SpeedFan
2010-04-23 09:04 . 2010-04-23 09:04 388096 ----a-r- c:\documents and settings\Christopher Denny\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 06:54 . 2004-03-04 02:50 93640 -c--a-w- c:\documents and settings\Christopher Denny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 04:49 . 2009-10-08 08:28 -------- d-----w- c:\program files\McAfee
2010-04-21 04:19 . 2009-02-26 09:28 -------- d-----w- c:\program files\Replay Media Catcher
2010-04-19 08:50 . 2008-12-06 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 02:14 . 2008-02-02 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-04-18 05:42 . 2006-12-24 07:25 -------- d-----w- c:\program files\Replay Converter
2010-04-17 22:15 . 2008-09-25 06:59 -------- d-----w- c:\program files\FreeHand Systems
2010-04-17 21:35 . 2008-12-06 04:52 256 ----a-w- c:\windows\system32\pool.bin
2010-04-16 00:55 . 2009-10-08 08:28 -------- d-----w- c:\program files\McAfee.com
2010-04-15 19:13 . 2009-10-08 08:28 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-14 16:29 . 2009-10-08 08:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-14 16:29 . 2009-10-08 08:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-14 16:29 . 2009-10-08 08:29 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-12 08:21 . 2010-02-03 11:34 68196 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-08 04:58 . 2009-01-10 06:18 -------- d-----w- c:\program files\Musicnotes
2010-04-06 02:09 . 2007-07-27 11:07 -------- d-----w- c:\program files\Amazon
2010-04-05 22:53 . 2009-09-20 07:58 -------- d-----w- c:\program files\Opera
2010-04-05 19:53 . 2009-04-14 10:02 2173536 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-05 09:11 . 2007-05-28 07:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-05 04:09 . 2010-02-07 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 04:05 . 2010-04-05 04:05 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 07:00 . 2008-04-21 02:15 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-03-31 08:44 . 2004-04-18 18:59 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Apple Computer
2010-03-31 08:30 . 2006-10-23 02:51 -------- d-----w- c:\program files\iTunes
2010-03-31 08:21 . 2005-07-09 20:13 -------- d-----w- c:\program files\iPod
2010-03-31 08:10 . 2009-05-01 09:14 -------- d-----w- c:\program files\Bonjour
2010-03-31 07:51 . 2005-09-15 04:31 -------- d-----w- c:\program files\QuickTime
2010-03-31 07:44 . 2010-03-31 07:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-30 04:46 . 2010-02-07 05:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-02-07 05:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 11:33 . 2009-10-28 07:02 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2010-03-11 12:38 . 2004-02-06 22:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-03-27 03:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-04-09 03:57 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-04-09 03:58 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:53 . 2010-01-07 05:47 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Any Audio Converter
2010-03-04 12:55 . 2008-09-26 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-04 12:52 . 2003-04-10 00:13 -------- d-----w- c:\program files\Java
2010-03-01 14:20 . 2007-10-06 04:52 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Vso
2010-03-01 14:20 . 2007-10-06 04:52 47360 -c--a-w- c:\documents and settings\Christopher Denny\Application Data\pcouffin.sys
2010-03-01 14:20 . 2007-10-06 04:52 47360 -c--a-w- c:\documents and settings\Christopher Denny\Application Data\pcouffin.sys
2010-03-01 14:20 . 2007-10-06 04:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-01 14:19 . 2010-03-01 14:19 -------- d-----w- c:\program files\DVDFab 6
2010-02-24 13:11 . 2003-04-09 03:58 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 22:00 . 2010-02-20 22:00 503808 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\msvcp71.dll
2010-02-20 22:00 . 2010-02-20 22:00 348160 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\msvcr71.dll
2010-02-20 22:00 . 2010-02-20 21:59 499712 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\jmc.dll
2010-02-20 21:59 . 2010-02-20 21:59 61440 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-144b97af-n\decora-sse.dll
2010-02-20 21:59 . 2010-02-20 21:59 12800 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-144b97af-n\decora-d3d.dll
2010-02-17 13:10 . 2003-04-09 03:58 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2003-07-10 17:19 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 21:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 04:43 . 2009-02-26 09:28 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2006-05-03 09:06 . 2007-10-13 07:11 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-10-13 07:11 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-03-17 81920]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-03 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-06-13 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Christopher Denny\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=Digi32.dll
"Midi1"=rddv1027.dll
"Midi2"=diomidi.dll
"midi4"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
backup=c:\windows\pss\Quicken Scheduled Updates.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk.disabled]
backup=c:\windows\pss\Quicken Startup.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christopher Denny^Start Menu^Programs^Startup^jConnect 4.4.lnk]
backup=c:\windows\pss\jConnect 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christopher Denny^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=c:\windows\pss\palmOne Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SureCleanProfessional

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 19:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
2009-04-07 18:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.4]
2008-10-07 21:53 95744 -c--a-w- c:\program files\j2 Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
2005-04-15 20:54 106496 -c--a-r- c:\program files\Mediafour\MacDrive\MDDiskProtect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
2002-12-17 20:43 61440 -c--a-r- c:\program files\Common Files\Mediafour\MACVNTFY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediafourGettingStartedWithMacDrive6]
2004-08-26 18:12 86016 -c--a-w- c:\program files\Mediafour\MacDrive\MacDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-22 20:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
2009-04-28 12:05 614696 -c--a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-04-17 09:11 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MediafourGettingStartedWithMacDrive6"="c:\program files\Mediafour\MacDrive\MacDrive.exe" /runonce
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs"
"CARPService"=carpserv.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"WD Button Manager"=WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\documents and settings\Christopher Denny\Application Data\Facebook\facebook.exe"= c:\documents and settings\Christopher Denny\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [7/20/2006 1:21 AM 16384]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [4/30/2006 10:57 AM 16640]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/30/2009 3:38 AM 28544]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [9/13/2006 2:53 PM 213888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/15/2010 3:08 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/8/2009 4:32 AM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:08 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:08 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/15/2010 3:09 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/15/2010 3:08 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/15/2010 3:08 PM 55456]
R3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/2/2009 2:51 PM 54328]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/15/2010 3:08 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:08 PM 88480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 0208481272413488mcinstcleanup;McAfee Application Installer Cleanup (0208481272413488);c:\windows\TEMP\0208481272413488mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\0208481272413488mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c8ee19b2d69640;Google Update Service (gupdate1c8ee19b2d69640);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 11:40 PM 133104]
S2 mrtRate;mrtRate; [x]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [7/8/2004 6:04 PM 16194]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [7/20/2006 1:19 AM 107008]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [4/17/2009 3:57 AM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [4/17/2009 3:57 AM 15232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A7.tmp --> c:\windows\system32\A7.tmp [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:08 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/15/2010 3:08 PM 83496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2/18/2005 11:35 PM 155264]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver; [x]
S3 RDID1008;Roland PC-300;c:\windows\system32\drivers\Rdwm1008.sys [5/20/2009 2:35 AM 79361]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [11/19/2007 6:27 AM 217600]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 PM 6784]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [3/1/2010 10:25 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [3/1/2010 10:26 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [3/1/2010 10:27 AM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [3/1/2010 10:27 AM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [3/1/2010 10:28 AM 25704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0208481272413488MCINSTCLEANUP
*Deregistered* - mfeavfk01

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 17:11]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 03:40]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 03:40]

2003-12-20 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]

2003-12-20 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]

2003-12-20 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open In &New Window - c:\documents and settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
IE: Translate into English
IE: View old version at &archives.org - c:\documents and settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
FF - ProfilePath - c:\documents and settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\
FF - prefs.js: browser.search.selectedEngine - UserLogos
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Christopher Denny\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nprmsl.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
SafeBoot-svcWRSSSDK
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-THGuard - c:\program files\TrojanHunter 5.2\THGuard.exe
AddRemove-eBay Icon - c:\documents and settings\Christopher Denny\Application Data\Desktopicon\uninst.exe
AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe
AddRemove-Uniblue SpeedUpMyPC 2009 - c:\documents and settings\All Users\Application Data\{856E04B3-8FD3-40EB-AE55-65BD0321FC59}\SpeedUpMyPC.exe
AddRemove-Adobe Digital Editions - c:\documents and settings\christopher denny\application data\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 21:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1268)
c:\windows\system32\rddv1027.dll

- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Mediafour\MACVICON.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\windows\system32\ICO.EXE
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-27 21:30:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-28 01:30

Pre-Run: 16,452,882,432 bytes free
Post-Run: 16,363,270,144 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CB5E1EF6B535467C0E2889AD264D0D0E
  • 0

#10
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00 
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]

Driver::
MEMSWEEP2

File::
c:\windows\system32\A7.tmp
  • Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
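
To see what the script in the post above will change before it is run, the following added example (not part of the original post and not ComboFix code) parses the script and decodes its `hex(7)` value. The section grammar is inferred only from the script as shown, and `parse_cfscript`, `decode_multi_sz` and `review` are hypothetical names.

```python
import re

# The CFScript from the post above (trailing whitespace dropped).
CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]

Driver::
MEMSWEEP2

File::
c:\windows\system32\A7.tmp
"""

# Stock Windows BootExecute value: run autochk at boot and nothing else.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

SECTION_RE = re.compile(r"^(\w+)::\s*$")   # e.g. "Registry::" (assumed grammar)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # e.g. "Name"=data


def decode_multi_sz(data, wide=False):
    """Decode the comma-separated bytes after 'hex(7):' into a list of strings.

    wide=False reads one byte per character, as in the post's script;
    wide=True reads UTF-16LE, as written by newer .reg exports.
    """
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    # REG_MULTI_SZ: each string ends in NUL, the list ends with one more NUL.
    return [s for s in text.split("\x00") if s]


def parse_cfscript(text):
    """Return a list of (section, action, target, detail) tuples."""
    # Join .reg-style continuations ("...,\" followed by an indented line).
    text = re.sub(r",\\\r?\n\s*", ",", text)
    actions, section, key = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section != "Registry":
            # Driver:: and File:: sections list one target per line.
            actions.append((section, "target", line, None))
        elif line.startswith("[-") and line.endswith("]"):
            # A leading '-' inside the brackets deletes the whole key.
            actions.append((section, "delete-key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f"unexpected registry line: {line!r}")
            name, data = m.groups()
            if data.startswith("hex(7):"):
                data = decode_multi_sz(data[len("hex(7):"):])
            actions.append((section, "set-value", f"{key}\\{name}", data))
    return actions


def review(actions):
    """Return findings worth a second look before the script is run."""
    findings = []
    for _section, action, target, detail in actions:
        is_boot_execute = target.lower().endswith("\\session manager\\bootexecute")
        if action == "set-value" and is_boot_execute and detail != DEFAULT_BOOT_EXECUTE:
            findings.append(f"BootExecute would be set to non-default {detail!r}")
    return findings


if __name__ == "__main__":
    for entry in parse_cfscript(CFSCRIPT):
        print(entry)
    print("findings:", review(parse_cfscript(CFSCRIPT)))
```

For this script the `hex(7)` bytes decode to the single string `autocheck autochk *`, so the Registry section resets `BootExecute` to its stock value and deletes the `MEMSWEEP2` service key.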


#11
crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Hi again,

This time ComboFix seems to have found and fixed an infected system file. [below] Or was this a false positive too?

In the first few stages of its processing (around 6A, I think), I got an error message: "PEV.cfxxe has encountered a problem and needs to close." I clicked "Don't Send" (an error report), taking care not to click near the ComboFix window, and, to my relief, the program continued to function in what seemed like a normal fashion.

By the way, since I'm running XP, I was wondering when it would be best (and/or safe) to disable/re-enable System Restore to clear infected backups, if such exist.

Here is the new log. Thanks so much...

___________________________________________________________________________________

ComboFix 10-04-26.05 - Christopher Denny 04/28/2010 0:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.532 [GMT -4:00]
Running from: c:\documents and settings\Christopher Denny\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Christopher Denny\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\A7.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\dwwin.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dwwin.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-27 08:37 . 2010-04-27 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TrojanHunter
2010-04-27 08:37 . 2010-04-28 00:29 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-04-25 03:35 . 2010-04-25 03:36 -------- d-----w- c:\program files\ERUNT
2010-04-15 19:08 . 2010-04-14 16:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-15 19:08 . 2010-04-14 16:29 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-15 19:08 . 2010-04-14 16:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-15 19:08 . 2010-04-14 16:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-15 19:08 . 2010-04-14 16:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-15 19:08 . 2010-04-14 16:29 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-15 19:08 . 2010-04-14 16:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-08 04:58 . 2010-04-08 04:58 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Sibelius Software
2010-04-06 02:09 . 2010-04-06 02:09 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Amazon
2010-04-06 02:09 . 2010-04-06 02:09 -------- d-----w- c:\documents and settings\Christopher Denny\Local Settings\Application Data\Amazon
2010-03-31 08:21 . 2010-03-31 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 01:53 . 2008-04-21 02:15 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-04-27 23:49 . 2008-10-28 22:19 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-04-27 23:48 . 2009-10-05 08:28 -------- d-----w- c:\program files\TrojanHunter 5.2
2010-04-25 16:39 . 2007-09-14 06:50 -------- d-----w- c:\program files\SpeedFan
2010-04-23 09:04 . 2010-04-23 09:04 388096 ----a-r- c:\documents and settings\Christopher Denny\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-23 06:54 . 2004-03-04 02:50 93640 -c--a-w- c:\documents and settings\Christopher Denny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 04:49 . 2009-10-08 08:28 -------- d-----w- c:\program files\McAfee
2010-04-21 04:19 . 2009-02-26 09:28 -------- d-----w- c:\program files\Replay Media Catcher
2010-04-19 08:50 . 2008-12-06 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 02:14 . 2008-02-02 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-04-18 05:42 . 2006-12-24 07:25 -------- d-----w- c:\program files\Replay Converter
2010-04-17 22:15 . 2008-09-25 06:59 -------- d-----w- c:\program files\FreeHand Systems
2010-04-17 21:35 . 2008-12-06 04:52 256 ----a-w- c:\windows\system32\pool.bin
2010-04-16 00:55 . 2009-10-08 08:28 -------- d-----w- c:\program files\McAfee.com
2010-04-15 19:13 . 2009-10-08 08:28 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-14 16:29 . 2009-10-08 08:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-14 16:29 . 2009-10-08 08:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-14 16:29 . 2009-10-08 08:29 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-12 08:21 . 2010-02-03 11:34 68196 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-08 04:58 . 2009-01-10 06:18 -------- d-----w- c:\program files\Musicnotes
2010-04-06 02:09 . 2007-07-27 11:07 -------- d-----w- c:\program files\Amazon
2010-04-05 22:53 . 2009-09-20 07:58 -------- d-----w- c:\program files\Opera
2010-04-05 19:53 . 2009-04-14 10:02 2173536 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-05 09:11 . 2007-05-28 07:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-05 04:09 . 2010-02-07 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 04:05 . 2010-04-05 04:05 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 08:44 . 2004-04-18 18:59 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Apple Computer
2010-03-31 08:30 . 2006-10-23 02:51 -------- d-----w- c:\program files\iTunes
2010-03-31 08:21 . 2005-07-09 20:13 -------- d-----w- c:\program files\iPod
2010-03-31 08:10 . 2009-05-01 09:14 -------- d-----w- c:\program files\Bonjour
2010-03-31 07:51 . 2005-09-15 04:31 -------- d-----w- c:\program files\QuickTime
2010-03-31 07:44 . 2010-03-31 07:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-30 04:46 . 2010-02-07 05:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-02-07 05:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 11:33 . 2009-10-28 07:02 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2010-03-11 12:38 . 2004-02-06 22:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-03-27 03:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-04-09 03:57 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-04-09 03:58 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:53 . 2010-01-07 05:47 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Any Audio Converter
2010-03-04 12:55 . 2008-09-26 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-04 12:52 . 2003-04-10 00:13 -------- d-----w- c:\program files\Java
2010-03-01 14:20 . 2007-10-06 04:52 -------- d-----w- c:\documents and settings\Christopher Denny\Application Data\Vso
2010-03-01 14:20 . 2007-10-06 04:52 47360 -c--a-w- c:\documents and settings\Christopher Denny\Application Data\pcouffin.sys
2010-03-01 14:20 . 2007-10-06 04:52 47360 -c--a-w- c:\documents and settings\Christopher Denny\Application Data\pcouffin.sys
2010-03-01 14:20 . 2007-10-06 04:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-01 14:19 . 2010-03-01 14:19 -------- d-----w- c:\program files\DVDFab 6
2010-02-24 13:11 . 2003-04-09 03:58 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 22:00 . 2010-02-20 22:00 503808 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\msvcp71.dll
2010-02-20 22:00 . 2010-02-20 22:00 348160 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\msvcr71.dll
2010-02-20 22:00 . 2010-02-20 21:59 499712 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dd0e379-n\jmc.dll
2010-02-20 21:59 . 2010-02-20 21:59 61440 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-144b97af-n\decora-sse.dll
2010-02-20 21:59 . 2010-02-20 21:59 12800 ----a-w- c:\documents and settings\Christopher Denny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-144b97af-n\decora-d3d.dll
2010-02-17 13:10 . 2003-04-09 03:58 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2003-07-10 17:19 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 21:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-08 04:43 . 2009-02-26 09:28 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2006-05-03 09:06 . 2007-10-13 07:11 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-10-13 07:11 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-03-17 81920]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-03 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-06-13 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Christopher Denny\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=Digi32.dll
"Midi1"=rddv1027.dll
"Midi2"=diomidi.dll
"midi4"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
backup=c:\windows\pss\Quicken Scheduled Updates.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk.disabled]
backup=c:\windows\pss\Quicken Startup.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christopher Denny^Start Menu^Programs^Startup^jConnect 4.4.lnk]
backup=c:\windows\pss\jConnect 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christopher Denny^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 19:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
2009-04-07 18:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.4]
2008-10-07 21:53 95744 -c--a-w- c:\program files\j2 Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
2005-04-15 20:54 106496 -c--a-r- c:\program files\Mediafour\MacDrive\MDDiskProtect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
2002-12-17 20:43 61440 -c--a-r- c:\program files\Common Files\Mediafour\MACVNTFY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediafourGettingStartedWithMacDrive6]
2004-08-26 18:12 86016 -c--a-w- c:\program files\Mediafour\MacDrive\MacDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-22 20:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
2009-04-28 12:05 614696 -c--a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-04-17 09:11 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MediafourGettingStartedWithMacDrive6"="c:\program files\Mediafour\MacDrive\MacDrive.exe" /runonce
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs"
"CARPService"=carpserv.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"WD Button Manager"=WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\documents and settings\Christopher Denny\Application Data\Facebook\facebook.exe"= c:\documents and settings\Christopher Denny\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [7/20/2006 1:21 AM 16384]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [4/30/2006 10:57 AM 16640]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/30/2009 3:38 AM 28544]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [9/13/2006 2:53 PM 213888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/15/2010 3:08 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/8/2009 4:32 AM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:08 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2010 3:08 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/15/2010 3:09 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/15/2010 3:08 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/15/2010 3:08 PM 55456]
R3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/2/2009 2:51 PM 54328]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/15/2010 3:08 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:08 PM 88480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 0208481272413488mcinstcleanup;McAfee Application Installer Cleanup (0208481272413488);c:\windows\TEMP\0208481272413488mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\0208481272413488mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c8ee19b2d69640;Google Update Service (gupdate1c8ee19b2d69640);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 11:40 PM 133104]
S2 mrtRate;mrtRate; [x]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [7/8/2004 6:04 PM 16194]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [7/20/2006 1:19 AM 107008]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [4/17/2009 3:57 AM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [4/17/2009 3:57 AM 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/15/2010 3:08 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/15/2010 3:08 PM 83496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2/18/2005 11:35 PM 155264]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver; [x]
S3 RDID1008;Roland PC-300;c:\windows\system32\drivers\Rdwm1008.sys [5/20/2009 2:35 AM 79361]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [11/19/2007 6:27 AM 217600]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 PM 6784]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [3/1/2010 10:25 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [3/1/2010 10:26 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [3/1/2010 10:27 AM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [3/1/2010 10:27 AM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [3/1/2010 10:28 AM 25704]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-15 17:11]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 03:40]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 03:40]

2003-12-20 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]

2003-12-20 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]

2003-12-20 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-04-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open In &New Window - c:\documents and settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
IE: Translate into English
IE: View old version at &archives.org - c:\documents and settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
FF - ProfilePath - c:\documents and settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\
FF - prefs.js: browser.search.selectedEngine - UserLogos
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Christopher Denny\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nprmsl.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 01:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1276)
c:\windows\system32\rddv1027.dll

- - - - - - - > 'explorer.exe'(4548)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\windows\system32\ICO.EXE
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-28 01:26:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-28 05:26
ComboFix2.txt 2010-04-28 01:30

Pre-Run: 16,417,804,288 bytes free
Post-Run: 16,296,476,672 bytes free

- - End Of File - - 25676378B978252ED65C016EA3F9B2D2

#12
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi crdenny,

This time ComboFix seems to have found and fixed an infected system file.

The driver that I deleted may have stopped CF from detecting it last time. It seems to have fixed it though.

By the way, since I'm running XP, I was wondering when it would be best (and/or safe) to disable/re-enable System Restore to clear infected backups, if such exist.

We will do that once I know everything is clean.

Any improvement on performance?

#13
crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Hi,

I wish I could say that my computer's running better, but it's been up and down since the last ComboFix. Here's a summary, in case it gives you any further idea:

Last night, I got a couple of application errors, such as: "Faulting application acrord32.exe, version 8.2.2.217, faulting module acrord32.dll, version 8.2.2.217, fault address 0x00023e72." Also, at one point after a reboot, the old familiar winlogon error: "The shell stopped unexpectedly and Explorer.exe was restarted." Today, I got a couple more: "Process **\MCINSUPD.EXE pid (1236) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver", followed with an identical error for "Process **\MCUPDMGR.EXE pid (1516)".

To test the system out today, I decided to focus on iTunes video, since my inability to watch that has been an especially noticeable recent change. The result was more or less the same - jerky video, mostly (but maybe not quite as much) jumping from still frame to still frame while the audio continued. Unwatchable, at any rate... In System Properties, I reset performance settings (processor scheduling and memory usage) to "adjust for best performance of" programs rather than background services or system cache, but that didn't seem to improve anything. Then I tried to update iTunes from 9.1.0 to 9.1.1, wondering if a fresh set of drivers might make a difference: This led, first, to an error saying that the older version of Bonjour.exe could not be removed; it still hasn't been, but I just unselected the small "Apple software update" which I assumed Bonjour was associated with, and retried it selecting only the iTunes & QuickTime update. Redoing that update - while successful - resulted in another error saying, "One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful". I've gotten that last error in the past only right after a reboot - I wonder if this has to do with that infected system file which was removed? The update to iTunes didn't change the video performance. Lastly, in case this is relevant to anything, while letting the iTunes video play I kept an eye on the Task Manager. The CPU was at or just under 100% at all times, with iTunes accounting for 80-100%; the other processes which accounted for the remaining 2-20% at any given time were wuauclt.exe, svchost.exe (system), and System.

Does any of that suggest any further steps to take? I'm very encouraged that an infected system file was finally found and cleaned last night! I'd been hoping, of course, that after that one find several more things might have appeared today (smoked out of hiding, as it were) and that McAfee or TrojanHunter could have done wholesale cleaning, leaving me with a pristine system... But not yet.

Thanks for everything, mpascal.

#14
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi,

We'll keep doing a few more scans until I'm convinced that this is a Windows issue and not a malware issue.

Go to the website below and download SuperAntiSpyware (free version). Once you've installed it, try doing a scan with it and see if it comes up with anything.

http://www.superanti...efreevspro.html

#15
crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I ran the SUPERAntiSpyware scan. (Log below, in case you want to see it.) It found and quarantined 367 tracking cookies, which seems routine except that I thought both MBAM and McAfee AntiVirus Plus were supposed to find those as well, and they've been finding zero for months!

On rebooting (so that SASpyware could delete the more stubborn cookies), I got, yet again, this error: "One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful." Just FYI, the associated Event Viewer information was:

Product: Windows Operating System
ID: 26
File name: ntdll.dll
File version: 5.1.2600.5755
Source: Application Popup
Version: 5.2
Symbolic Name: STATUS_LOG_HARD_ERROR
Message: Application popup: %1 : %2
Date: 4/29/2010
Time: 3:22:02 AM

Description:
Application popup: Windows - Registry Recovery

I also notice that I have frequent Event Log errors stating that a "boot-start or system-start driver", Lbd, has failed to load. I think that's a Lavasoft driver, but I haven't had Ad-Aware on this computer for years and it doesn't show up in Add/Remove Programs. I suppose it could be a registry remnant somehow causing trouble (and McAfee claims to conflict with Ad-Aware, doesn't it?), or something else mischievously naming itself Lbd.

I don't know nearly enough about this sort of thing to determine if such driver issues could be malware-related or not. Or whether running Registry Booster 2009, for instance, would help or just complicate making a diagnosis at this stage.

If there are any more scans that it might help to run, or if re-running anything (now that some kind of invisibility cloak seems to have been lifted, given that the infected system file and now 367 adware cookies have suddenly appeared since the last ComboFix) would make sense, I'd love to keep at it and hope for another breakthrough. But if you feel you've exhausted the appropriate malware-related tools, I certainly do understand and greatly appreciate everything you've done. In that case, I would certainly also appreciate any suggestions on how to proceed in general, whether on another forum or on my own...

Thanks very much!!

___________________________________________________________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/29/2010 at 02:57 AM

Application Version : 4.35.1000

Core Rules Database Version : 4865
Trace Rules Database Version: 2677

Scan type : Complete Scan
Total Scan Time : 02:46:47

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 9337
Registry threats detected : 0
File items scanned : 40016
File threats detected : 367

Adware.Tracking Cookie
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher_de[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][8].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][7].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][6].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][8].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][7].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][6].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]t\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\cr[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Christopher Denny\Application Data\Earthlink\6.0\[email protected]\Cookies\christopher [email protected][1].txt
banners.broadwayworld.com [ C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\cookies.txt ]