Google redirections, slow browser loading, changes in window contents


  • This topic is locked

#1
1NR1

    New Member

  • Member
  • 5 posts
Hello,
Thanks for your expertise. Maybe I need a new computer?!? That is what I am trying to avoid. My experience is above average or so. Maximum memory installed. I use a lot of programs and some short scripts to try to make working smoother. No game playing or intentional surfing to "dangerous" sites. HD is about 30% full.

Regarding personal information, my concern is that original commercial art and copywriting can be read, ideas used or simply stolen. I am not overly concerned; I just need to verify and check for negatives in that respect.

Following are the logs requested on your Cleaning guide page:

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-27 21:24:47
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\NRADMI~1\LOCALS~1\Temp\pgldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF2A80630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF2A79D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF2A9E070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF2A80E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF2A97D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF2A98150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF2AA2240]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF2A80FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF2A7AC60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF2A9F780]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF2A9F160]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF2A96E70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF2AA0080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF2AA02B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF2A7A750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF2A9A450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF2A9A020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF2AA1430]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF2AA0A40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF2A80180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF2AA10D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF2A80910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF2A7B080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF2AA18E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF2A9E970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF2A98D20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF2A98A50]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 80501284 12 Bytes [40, 0E, A8, F2, 30, 7D, A9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2708 805015A8 4 Bytes JMP 85430856

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3536] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3560] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----

EXTRAS.txt

OTL Extras logfile created on: 4/27/2010 9:27:02 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\NR Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 118.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 28.04 Gb Free Space | 75.26% Space Free | Partition Type: NTFS
Drive D: | 19.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 980.45 Mb Total Space | 592.13 Mb Free Space | 60.39% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 2.99 Gb Free Space | 79.48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NR
Current User Name: NR Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = Notepad++_file] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Invalid data type.
Directory [DosHere] -- %windir%\System32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{03B48041-B2CD-476A-87D6-79D0488559A2}" = Desktop Restore
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C70C59DB-ED54-F7A5-CF7E-B5245C8158D8}" = Snackr
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F318330F-DE7D-4B22-AF7C-C3760DDC2EF3}" = Xmarks for IE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo StartUp Tuner 2_is1" = Ashampoo StartUp Tuner 2.00
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Clipboard Help+Spell_is1" = Clipboard Help+Spell 1.27.01
"Copernic Agent Professional" = Copernic Agent Professional
"CopernicDesktopSearch2Corpo" = Copernic Desktop Search - Corporate
"Fn-esse" = TOSHIBA Fn-esse
"GNU Aspell_is1" = GNU Aspell 0.50-3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iFinger 2.0" = iFinger 2.0
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"IrfanView" = IrfanView (remove only)
"Locate" = Locate32
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobysaurus" = Mobysaurus
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nik Color Efex Pro 2.0 GE" = nik Color Efex Pro 2.0 GE
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pixel Ruler" = Pixel Ruler
"PopUp Wisdom_is1" = PopUp Wisdom 1.07.01
"Registrar Lite 2.00" = Registrar Lite 2.00
"Registry Repair Pro_is1" = Registry Repair Pro
"Revo Uninstaller" = Revo Uninstaller 1.83
"SumatraPDF" = SumatraPDF
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"Vector Magic" = Vector Magic
"Visual Thesaurus 3" = Visual Thesaurus 3
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 2:48:30 PM | Computer Name = NR | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 5.0.342.9, fault address 0x0001474c.

Error - 4/27/2010 3:08:01 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 4:08:02 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 4:32:45 PM | Computer Name = NR | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 11.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0b416f2f.

Error - 4/27/2010 5:08:05 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 6:08:01 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 7:08:01 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 7:30:44 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 7:38:49 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

Error - 4/27/2010 8:40:19 PM | Computer Name = NR | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/27/2010 7:26:56 PM | Computer Name = NR | Source = Service Control Manager | ID = 7031
Description = The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 4/27/2010 7:26:56 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The Folder Size service terminated unexpectedly. It has done this
1 time(s).

Error - 4/27/2010 7:26:57 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/27/2010 7:26:57 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The MozyHome Backup Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/27/2010 7:26:57 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The Remote Procedure Call (RPC) Net service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/27/2010 7:26:58 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The ToolTipFixer service terminated unexpectedly. It has done this
1 time(s).

Error - 4/27/2010 7:26:58 PM | Computer Name = NR | Source = Service Control Manager | ID = 7034
Description = The USBDLM service terminated unexpectedly. It has done this 1 time(s).

Error - 4/27/2010 7:29:57 PM | Computer Name = NR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 4/27/2010 7:30:28 PM | Computer Name = NR | Source = Service Control Manager | ID = 7000
Description = The Print Port Scanner Driver service failed to start due to the following
error: %%1058

Error - 4/27/2010 7:30:31 PM | Computer Name = NR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

OTL.txt

OTL logfile created on: 4/27/2010 9:27:02 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\NR Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 118.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 28.04 Gb Free Space | 75.26% Space Free | Partition Type: NTFS
Drive D: | 19.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 980.45 Mb Total Space | 592.13 Mb Free Space | 60.39% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 2.99 Gb Free Space | 79.48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NR
Current User Name: NR Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/27 19:11:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\OTL.exe
PRC - [2010/04/02 20:41:49 | 000,522,736 | ---- | M] (Google Inc.) -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/24 16:59:04 | 007,262,720 | ---- | M] (DonationCoder.com) -- C:\Program Files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/09/21 18:45:40 | 001,273,856 | ---- | M] (Don HO [email protected]) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2009/07/07 16:50:06 | 000,223,232 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- F:\USBDLM\USBDLM.EXE
PRC - [2008/10/14 13:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/21 14:26:54 | 000,720,896 | ---- | M] (Pollen Software Pty Ltd) -- C:\Program Files\Task-o-Matic\Task-O-Matic.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 19:11:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\OTL.exe
MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (mschedsvc)
SRV - File not found [On_Demand | Stopped] -- -- (DfSdkS)
SRV - File not found [Disabled | Stopped] -- -- (AutoLogon)
SRV - [2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/07 16:50:06 | 000,223,232 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- F:\USBDLM\USBDLM.EXE -- (USBDLM)
SRV - [2008/10/14 13:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [1997/05/15 00:49:22 | 000,013,312 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\twain_32\SiPix\SCBLINK2\srvany.exe -- (Blink2PnP)


========== Driver Services (SafeList) ==========

DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/09/30 07:19:14 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/02/17 22:49:30 | 000,150,544 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/06/27 09:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\superwebcam.sys -- (SUPERWEBCAM)
DRV - [2005/04/29 01:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 11:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 16:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/03/15 18:32:00 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/25 03:33:26 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/14 04:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 04:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 04:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 04:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 04:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 04:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 04:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 04:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 04:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 05:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 19:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 14:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 14:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/17 06:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/06/28 13:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/10/27 19:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/24 22:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [2002/12/17 12:13:40 | 000,397,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\biomini.sys -- (DCamUSBBVI)
DRV - [2001/08/17 14:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.10
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.99
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/04/23 11:53:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/15 10:46:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/15 10:46:38 | 000,000,000 | ---D | M]

[2010/04/07 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Extensions
[2010/04/07 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 04:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions
[2010/03/23 22:21:42 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010/03/15 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\[email protected]
[2010/04/17 04:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/09/01 11:34:42 | 001,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/04/20 18:08:28 | 000,391,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13540 more lines...
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search CE) - {435FAE9B-81A9-49D8-A0B1-A85ED3121976} - C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchBand300000061.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Clipboard Help+Spell] C:\Program Files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe (DonationCoder.com)
O4 - Startup: C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk = C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
O4 - Startup: C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe (3B Software, Inc.)
O4 - Startup: C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk = C:\Program Files\Task-o-Matic\Task-O-Matic.exe (Pollen Software Pty Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 144
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Printee - {E55E1F27-11DA-0001-0002-00AABB000004} - Reg Error: Key error. File not found
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ols/pcmatic.cab (VersionControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\printee {E55E1F27-11DA-0001-0002-00AA00000006} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/10 09:08:24 | 000,000,000 | ---D | M] - F:\auto save -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/13 22:04:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 20:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\3B Software
[2010/04/27 19:13:11 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\TFC.exe
[2010/04/27 19:11:50 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\OTL.exe
[2010/04/27 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/27 18:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ImageConverter Plus
[2010/04/27 18:03:49 | 000,180,224 | ---- | C] (fCoder Group International) -- C:\WINDOWS\System32\cnvshell.dll
[2010/04/27 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\Image Converter Plus
[2010/04/27 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\ImageConverter Plus
[2010/04/26 13:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\SESSIONS for Note++
[2010/04/23 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/23 11:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/23 11:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/22 04:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Locate
[2010/04/20 09:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Downloads
[2010/04/20 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Desktop Search - Corporate
[2010/04/15 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\ForceField Shared Files
[2010/04/15 21:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\CheckPoint
[2010/04/15 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/15 02:29:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NR Admin\Recent
[2010/04/14 01:18:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NR Admin\Application Data\MyMorph
[2010/04/14 01:18:04 | 000,000,000 | ---D | C] -- C:\Binaries
[2010/04/14 01:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\MyMorph
[2010/04/13 08:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\ALL CAFE docs various
[2010/04/10 22:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Copernic
[2010/04/09 21:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Malwarebytes
[2010/04/09 21:28:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/09 21:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/09 21:28:14 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/09 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/09 19:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird_files
[2010/04/09 03:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Copernic
[2010/04/09 03:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Agent
[2010/04/08 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\Copernic
[2010/04/08 23:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Copernic
[2010/04/07 23:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/04/07 08:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2010/04/07 08:18:54 | 009,758,584 | ---- | C] (Mozy, Inc.) -- C:\Program Files\mozy-1_16_4_0-9388.exe
[2010/04/06 04:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/28 23:22:53 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/03/28 00:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Donar MP3 Recorder
[2010/03/22 00:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\ROBO User Data - Passcards and Identies
[2010/03/21 20:28:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/21 20:26:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/03/21 20:26:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/03/21 20:25:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/03/20 14:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\COLORS RGB Hex codes
[2010/03/19 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/03/19 04:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/03/19 02:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/19 02:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/19 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/14 22:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/11 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zero G Registry
[2010/03/11 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Thesaurus 3
[2010/03/11 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\InstallAnywhere
[2010/03/08 14:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Desktop Apps
[2010/03/03 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\USBDLM
[2010/03/03 06:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Restore
[2010/03/03 05:31:43 | 000,499,200 | ---- | C] (Quick And Easy Software) -- C:\Documents and Settings\NR Admin\Desktop\USB Eject.exe
[2010/03/02 22:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2010/03/02 22:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\GoodSync
[2010/02/25 11:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\ComodoGroup
[2010/02/25 11:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2010/02/24 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\Comodo
[2010/02/24 18:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2010/02/24 12:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\For a man to conquer himself is the first and noblest of all victories
[2010/02/22 13:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/17 17:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/02/13 11:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\Process's
[2010/02/07 05:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2010/02/07 05:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\GTek
[2010/02/06 00:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\NuCam
[2010/02/05 22:46:06 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\umaxscan.dll
[2010/02/05 22:46:06 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/02/03 04:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/03 04:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/02 01:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Commander
[2010/01/31 11:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\SumatraPDF
[2010/01/31 11:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2010/01/30 03:12:23 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2010/01/30 03:10:02 | 000,000,000 | ---D | C] -- C:\KPCMS
[2010/01/30 03:10:01 | 000,199,168 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpcp32.dll
[2010/01/30 03:10:01 | 000,039,424 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpsys32.dll
[2010/01/30 03:10:00 | 000,083,968 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpapi32.dll
[2010/01/30 03:09:58 | 000,249,856 | ---- | C] (Play Incorporated) -- C:\WINDOWS\System32\Snap32n.dll
[2010/01/30 03:09:54 | 000,415,232 | ---- | C] (Storm Technology, Inc.) -- C:\WINDOWS\System32\EZIMG25.dll
[2010/01/30 03:09:54 | 000,027,648 | ---- | C] (Storm Technology, Inc.) -- C:\WINDOWS\System32\cppenv25.dll
[2010/01/30 03:09:53 | 000,004,080 | ---- | C] (Storm Software, Inc.) -- C:\WINDOWS\System32\WINSIZE.DLL
[2010/01/29 02:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/01/29 02:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/01/28 23:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Task-o-Matic
[2010/01/28 22:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\iFinger

========== Files - Modified Within 90 Days ==========

[2010/04/27 21:27:36 | 017,154,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/04/27 20:30:12 | 000,066,301 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_8_30_11_PM.bkp
[2010/04/27 20:14:29 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Scheduler.lnk
[2010/04/27 20:14:19 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Registry Repair Pro.lnk
[2010/04/27 19:30:06 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/27 19:30:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/27 19:29:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 19:28:33 | 000,196,148 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/04/27 19:28:29 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\NR Admin\ntuser.dat
[2010/04/27 19:28:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\NR Admin\ntuser.ini
[2010/04/27 19:13:11 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\TFC.exe
[2010/04/27 19:11:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\OTL.exe
[2010/04/27 18:56:55 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\HiJackThis.lnk
[2010/04/27 18:03:54 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\ImageConverter Plus.lnk
[2010/04/27 15:43:53 | 000,005,866 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\clipboard_vectorized.png
[2010/04/27 14:59:11 | 000,069,305 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_2_59_11_PM.bkp
[2010/04/27 07:51:06 | 000,024,136 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Henny-Dangerfield combined
[2010/04/27 06:28:24 | 000,494,648 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1_0004_Background copy 4.psd
[2010/04/27 05:04:13 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\((---chrome task mgr
[2010/04/26 22:24:39 | 000,068,283 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_26_2010_10_24_38_PM.bkp
[2010/04/26 14:53:07 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] general
[2010/04/26 14:52:41 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:51:48 | 000,003,008 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] Ins neutral
[2010/04/26 14:47:48 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:47:18 | 000,002,866 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:42:53 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:42:35 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] BIG Foot
[2010/04/26 14:41:29 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:38:06 | 000,001,342 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:37:41 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:36:38 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:13:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 10:52:05 | 000,064,405 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_26_2010_10_52_05_AM.bkp
[2010/04/25 15:39:26 | 000,052,804 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_25_2010_3_39_25_PM.bkp
[2010/04/25 12:21:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/23 12:12:41 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Roboform Sort
[2010/04/23 11:36:16 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/23 11:35:03 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\ZoneAlarm Security.lnk
[2010/04/23 09:56:44 | 003,427,810 | -H-- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\IconCache.db
[2010/04/23 09:51:44 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\MozyHome Remote Backup.lnk
[2010/04/22 07:06:05 | 000,011,580 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\POD - Zazzle - General Descriptions
[2010/04/22 04:58:24 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Locate32.lnk
[2010/04/22 04:23:52 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Holiday gadget
[2010/04/21 00:44:11 | 001,257,947 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ZA files settings other.xml
[2010/04/20 18:08:28 | 000,391,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/20 11:52:43 | 003,286,267 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\PinTypesneon FX#2.psd
[2010/04/20 00:51:41 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Corporate.lnk
[2010/04/19 22:27:40 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\browser shots
[2010/04/19 01:15:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 09:00:53 | 000,237,418 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Road sign.psd
[2010/04/17 08:48:07 | 001,592,543 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1.psd
[2010/04/15 01:16:09 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Google Chrome.lnk
[2010/04/13 05:21:32 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\My Documents.lnk
[2010/04/12 20:05:38 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/04/12 20:05:37 | 000,000,376 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/12 20:05:37 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/12 02:42:17 | 000,008,971 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\site sign ins.html
[2010/04/10 22:44:30 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Copernic Desltop search registration number
[2010/04/09 21:28:23 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 20:59:34 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot need manual updates.lnk
[2010/04/09 19:02:16 | 000,124,271 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird.html
[2010/04/09 05:48:41 | 000,000,417 | ---- | M] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,403 | ---- | M] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,393 | ---- | M] () -- C:\WINDOWS\tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Copernic SEARCH.lnk
[2010/04/09 04:40:07 | 005,870,198 | ---- | M] () -- C:\Program Files\Copernic_Agent_Pro_612.rar
[2010/04/08 05:38:00 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\4-8 notes
[2010/04/08 01:42:46 | 002,573,254 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json
[2010/04/08 01:40:28 | 002,665,476 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json.rtf
[2010/04/07 23:09:40 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/07 08:21:17 | 009,758,584 | ---- | M] (Mozy, Inc.) -- C:\Program Files\mozy-1_16_4_0-9388.exe
[2010/04/06 04:46:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\My Comp.lnk
[2010/04/06 04:41:28 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\CCleaner.lnk
[2010/04/06 01:37:17 | 000,433,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/06 01:37:17 | 000,068,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/06 01:37:16 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 18:28:41 | 000,004,933 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Stalled print job fix
[2010/03/31 03:59:15 | 000,165,758 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\all robo as of 4-2010.htm
[2010/03/30 22:46:01 | 000,007,678 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\cc_20100330_214550.reg
[2010/03/30 07:42:18 | 000,011,443 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Email sign ins Spreadsheet.rtf
[2010/03/30 07:39:04 | 000,010,001 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Copy of Blog sign ins Spread sheet.rtf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 06:52:46 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Defraggler.lnk
[2010/03/28 06:01:28 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Google owns you
[2010/03/26 05:09:04 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Vector Magic.lnk
[2010/03/25 05:09:58 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\ImageEnlarger.exe.lnk
[2010/03/25 05:00:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/24 05:16:23 | 000,010,140 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Tree Shows all files info
[2010/03/23 17:55:15 | 000,016,405 | ---- | M] () -- C:\rollback.ini
[2010/03/22 19:23:46 | 000,035,707 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Program Control Programs - ZoneAlarm User Community.htm
[2010/03/22 00:17:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac976955aa7e0.job
[2010/03/21 18:08:13 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Cascade.lnk
[2010/03/21 14:02:33 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/21 13:10:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2010/03/20 14:34:42 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\RGB Hex codes for html documents.htm
[2010/03/16 18:51:36 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Start Up Tuner.lnk
[2010/03/14 22:53:32 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/14 19:34:31 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Open With Add.exe.lnk
[2010/03/14 18:08:18 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Context EDIT.exe.lnk
[2010/03/11 15:29:16 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\GOOG Operators.lnk
[2010/03/11 00:47:17 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Visual Thesaurus.lnk
[2010/03/11 00:45:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\.pvte
[2010/03/08 14:54:50 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Taskbar and Start Menu.lnk
[2010/03/04 02:25:11 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\PDF.exe.lnk
[2010/03/02 22:55:44 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GoodSync.lnk
[2010/02/28 22:32:24 | 000,004,818 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\clipboard 10 17.clx.rtf
[2010/02/26 21:12:14 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\VILMA.lnk
[2010/02/26 17:39:58 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\NR Admin\Cascade.js
[2010/02/26 17:32:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Cascade.js
[2010/02/25 16:03:08 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 11:39:37 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Identify Unknown Device.lnk
[2010/02/23 11:23:29 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Permanent F Drive.lnk
[2010/02/21 16:31:08 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk
[2010/02/14 20:43:57 | 000,019,103 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\100 PS TIPS GOOD TO REVIEW.htm
[2010/02/12 07:59:19 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk
[2010/02/08 23:43:19 | 000,000,648 | ---- | M] () -- C:\WINDOWS\videoimp.ini
[2010/02/07 05:38:10 | 000,002,612 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2010/02/04 05:11:43 | 003,452,396 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\document.pdf
[2010/02/03 00:12:06 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\PhoSho.lnk
[2010/02/02 17:47:19 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\How-To INSTALL Commands (2).lnk
[2010/02/02 05:51:56 | 000,377,755 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100409-235426.backup
[2010/02/02 05:51:56 | 000,377,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-134342.backup
[2010/02/02 05:40:00 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot.lnk
[2010/02/02 05:39:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Shred.lnk
[2010/02/02 03:00:03 | 000,033,895 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\IE favelets.rtf
[2010/01/30 23:13:14 | 000,281,729 | ---- | M] () -- C:\Documents and Settings\NR Admin\.recently-used.xbel
[2010/01/30 22:30:49 | 000,045,016 | ---- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 04:44:22 | 000,000,190 | ---- | M] () -- C:\WINDOWS\Adobereg.db
[2010/01/30 03:16:25 | 000,287,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 03:10:00 | 000,000,114 | ---- | M] () -- C:\WINDOWS\kpcms.ini
[2010/01/28 23:45:47 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Task-O.lnk
[2010/01/28 22:12:09 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iFinger.lnk

========== Files Created - No Company Name ==========

[2010/04/27 20:30:11 | 000,066,301 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_8_30_11_PM.bkp
[2010/04/27 20:14:20 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Scheduler.lnk
[2010/04/27 20:14:19 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Registry Repair Pro.lnk
[2010/04/27 19:14:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\gmer.exe
[2010/04/27 18:56:45 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\HiJackThis.lnk
[2010/04/27 18:03:54 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\ImageConverter Plus.lnk
[2010/04/27 15:43:53 | 000,005,866 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\clipboard_vectorized.png
[2010/04/27 14:59:11 | 000,069,305 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_2_59_11_PM.bkp
[2010/04/27 06:28:24 | 000,494,648 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1_0004_Background copy 4.psd
[2010/04/27 05:04:13 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\((---chrome task mgr
[2010/04/26 22:24:39 | 000,068,283 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_26_2010_10_24_38_PM.bkp
[2010/04/26 14:39:44 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:37:30 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:36:25 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:27:36 | 000,002,305 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] general
[2010/04/26 14:26:11 | 000,003,008 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] Ins neutral
[2010/04/26 14:13:59 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:13:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:13:03 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:11:53 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:11:25 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 14:11:11 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] BIG Foot
[2010/04/26 14:10:53 | 000,002,866 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/26 10:52:05 | 000,064,405 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_26_2010_10_52_05_AM.bkp
[2010/04/25 15:39:26 | 000,052,804 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_25_2010_3_39_25_PM.bkp
[2010/04/23 12:12:41 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Roboform Sort
[2010/04/23 11:35:03 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\ZoneAlarm Security.lnk
[2010/04/23 11:34:51 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/23 09:51:44 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\MozyHome Remote Backup.lnk
[2010/04/22 04:58:24 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Locate32.lnk
[2010/04/22 04:23:52 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Holiday gadget
[2010/04/21 00:44:11 | 001,257,947 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ZA files settings other.xml
[2010/04/20 11:52:41 | 003,286,267 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\PinTypesneon FX#2.psd
[2010/04/20 00:44:27 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Corporate.lnk
[2010/04/19 21:58:56 | 000,024,136 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Henny-Dangerfield combined
[2010/04/19 21:52:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\browser shots
[2010/04/17 09:00:51 | 000,237,418 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Road sign.psd
[2010/04/17 08:48:04 | 001,592,543 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1.psd
[2010/04/13 05:09:02 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\My Documents.lnk
[2010/04/10 22:44:30 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Copernic Desltop search registration number
[2010/04/09 21:28:23 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 20:37:00 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot need manual updates.lnk
[2010/04/09 19:02:02 | 000,124,271 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird.html
[2010/04/09 05:36:03 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Copernic SEARCH.lnk
[2010/04/09 05:36:03 | 000,000,417 | ---- | C] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,393 | ---- | C] () -- C:\WINDOWS\tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:28:44 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2010/04/09 05:24:28 | 005,898,200 | ---- | C] () -- C:\Program Files\Copernic Agent Pro 612.exe
[2010/04/09 04:39:59 | 005,870,198 | ---- | C] () -- C:\Program Files\Copernic_Agent_Pro_612.rar
[2010/04/08 05:38:00 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\4-8 notes
[2010/04/08 01:40:27 | 002,665,476 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json.rtf
[2010/04/07 23:09:40 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/06 04:46:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\My Comp.lnk
[2010/04/06 04:41:28 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\CCleaner.lnk
[2010/03/31 18:28:41 | 000,004,933 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Stalled print job fix
[2010/03/31 03:31:50 | 000,165,758 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\all robo as of 4-2010.htm
[2010/03/30 22:45:55 | 000,007,678 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\cc_20100330_214550.reg
[2010/03/30 07:42:18 | 000,011,443 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Email sign ins Spreadsheet.rtf
[2010/03/30 07:39:04 | 000,010,001 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Copy of Blog sign ins Spread sheet.rtf
[2010/03/28 06:52:47 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Defraggler.lnk
[2010/03/28 06:01:19 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Google owns you
[2010/03/26 05:09:04 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Vector Magic.lnk
[2010/03/24 05:47:18 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\ImageEnlarger.exe.lnk
[2010/03/24 04:26:12 | 000,010,140 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Tree Shows all files info
[2010/03/24 00:26:37 | 000,011,580 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\POD - Zazzle - General Descriptions
[2010/03/22 19:23:45 | 000,035,707 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Program Control Programs - ZoneAlarm User Community.htm
[2010/03/22 00:17:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac976955aa7e0.job
[2010/03/20 14:34:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\RGB Hex codes for html documents.htm
[2010/03/19 04:08:09 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Handy Moby (2).lnk
[2010/03/16 18:51:39 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Start Up Tuner.lnk
[2010/03/14 22:53:32 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/14 19:34:31 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Open With Add.exe.lnk
[2010/03/14 18:08:30 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Context EDIT.exe.lnk
[2010/03/11 15:29:15 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\GOOG Operators.lnk
[2010/03/11 00:48:05 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Visual Thesaurus.lnk
[2010/03/11 00:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\.pvte
[2010/03/08 14:54:50 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Taskbar and Start Menu.lnk
[2010/03/04 02:25:11 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\PDF.exe.lnk
[2010/03/02 22:55:44 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GoodSync.lnk
[2010/02/28 22:32:24 | 000,004,818 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\clipboard 10 17.clx.rtf
[2010/02/26 21:12:26 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\VILMA.lnk
[2010/02/26 17:40:06 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Cascade.lnk
[2010/02/26 17:37:40 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\NR Admin\Cascade.js
[2010/02/26 17:32:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Cascade.js
[2010/02/26 01:17:54 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\How-To INSTALL Commands (2).lnk
[2010/02/25 11:39:37 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Identify Unknown Device.lnk
[2010/02/21 16:31:08 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk
[2010/02/20 13:45:23 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk
[2010/02/07 05:38:09 | 000,002,612 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2010/02/06 00:52:17 | 000,397,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\biomini.sys
[2010/02/06 00:52:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\B2Filter.ax
[2010/02/06 00:52:17 | 000,014,061 | ---- | C] () -- C:\WINDOWS\BLINK2DS.ini
[2010/02/06 00:52:17 | 000,007,438 | ---- | C] () -- C:\WINDOWS\BLINK2DS.src
[2010/02/04 05:26:29 | 003,452,396 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\document.pdf
[2010/02/03 00:12:06 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\PhoSho.lnk
[2010/02/02 23:43:03 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Shred.lnk
[2010/02/02 05:40:00 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot.lnk
[2010/02/02 03:00:03 | 000,033,895 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\IE favelets.rtf
[2010/01/30 23:13:14 | 000,281,729 | ---- | C] () -- C:\Documents and Settings\NR Admin\.recently-used.xbel
[2010/01/30 09:13:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/01/30 09:12:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/01/30 09:12:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/01/30 09:12:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/01/30 09:12:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/01/30 09:12:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/01/30 09:12:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/01/30 09:12:48 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/01/30 09:12:48 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/01/30 09:12:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/01/30 09:12:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/01/30 09:12:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/01/30 09:12:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/01/30 09:12:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/01/30 09:12:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/01/30 09:12:46 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/01/30 09:12:46 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/01/30 09:12:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/01/30 09:12:23 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/01/30 09:12:18 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/01/30 09:11:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/01/30 03:10:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2010/01/30 03:09:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/01/30 03:09:59 | 000,000,190 | ---- | C] () -- C:\WINDOWS\Adobereg.db
[2010/01/28 23:45:47 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Task-O.lnk
[2010/01/28 22:12:09 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iFinger.lnk
[2010/01/28 05:08:42 | 000,019,103 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\100 PS TIPS GOOD TO REVIEW.htm
[2010/01/21 05:30:37 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2000X48.DLL
[2010/01/15 19:34:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/11 00:41:41 | 000,000,058 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/12/23 12:38:20 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/11/29 18:27:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll
[2009/10/09 22:02:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/10/09 22:02:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/01 09:33:36 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/09/30 07:24:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/30 07:24:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/30 07:18:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/09/30 07:18:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/09/30 07:18:52 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/09/30 07:18:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/09/30 07:18:01 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2005/05/14 00:19:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/14 00:19:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/14 00:19:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/14 00:19:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/13 23:26:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/13 23:25:25 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/13 23:25:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/13 23:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/13 23:20:59 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/13 22:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/13 22:11:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/13 22:01:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/13 21:10:10 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/13 21:06:07 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/03/28 18:59:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/03/28 18:44:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/03/25 12:59:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/15 13:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/07/28 19:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/12/02 03:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/20 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copernic
[2009/10/03 23:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/03/02 22:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/12/11 06:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2009/12/02 03:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2010/01/29 02:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/04/23 11:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/12/23 12:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/14 00:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/19 04:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Ashampoo
[2010/04/27 05:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\AutoSizer
[2010/04/23 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\CheckPoint
[2010/04/09 05:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Copernic
[2010/03/08 14:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Desktop Apps
[2009/10/03 23:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\DonationCoder
[2010/04/27 00:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\GoodSync
[2010/01/30 23:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\gtk-2.0
[2009/12/24 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Irido
[2009/11/23 19:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Locate32
[2009/10/01 10:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\MSNInstaller
[2010/04/14 01:24:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\NR Admin\Application Data\MyMorph
[2009/10/03 09:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Notepad++
[2010/01/03 00:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Optimal Data
[2009/10/30 08:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Safer Networking
[2009/11/04 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\SteelBytes
[2010/01/31 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\SumatraPDF
[2009/12/05 05:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Template
[2010/04/07 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Thunderbird
[2010/02/07 04:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\toshiba
[2009/09/30 10:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\VSRevoGroup
[2010/04/09 05:48:41 | 000,000,417 | ---- | M] () -- C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,393 | ---- | M] () -- C:\WINDOWS\Tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,403 | ---- | M] () -- C:\WINDOWS\Tasks\4 Copernic Monthly ~NR NR Admin.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/16 21:11:52 | 000,003,115 | ---- | M] () -- C:\ashampoo-acdw-log.txt
[2010/04/12 20:05:38 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2009/11/21 00:36:01 | 000,000,070 | ---- | M] () -- C:\download file names text.txt
[2009/11/21 00:37:59 | 000,000,072 | ---- | M] () -- C:\downloadfilenamestext.bat
[2009/10/09 00:23:51 | 000,000,263 | -H-- | M] () -- C:\hpothb07.dat
[2009/10/09 00:23:51 | 000,000,501 | -H-- | M] () -- C:\hpothb07.tif
[2005/05/13 22:05:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/14 00:22:53 | 000,000,893 | -H-- | M] () -- C:\IPH.PH
[2005/05/13 22:05:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/22 17:02:30 | 000,006,956 | ---- | M] () -- C:\mydocuments.txt
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/27 19:29:03 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2010/03/23 17:55:15 | 000,016,405 | ---- | M] () -- C:\rollback.ini
[2010/04/07 23:05:31 | 009,028,040 | ---- | M] (Mozilla) -- C:\Thunderbird Setup 3.0.4.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/05/13 14:56:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/05/13 14:56:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/13 14:56:00 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\USA Jobs info.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\Travel reviews Hack.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\File List How To.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\Bk Marklets Template-maker.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\Cascade.js:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3
< End of report >

Malwarebytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/27/2010 11:02:29 PM
mbam-log-2010-04-27 (23-02-29).txt

Scan type: Quick scan
Objects scanned: 103127
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank You. Cheers!
NR

"My doctor told me to watch my drinking. Now I drink in front of a mirror." (Dangerfield)


#2
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
1NR1


    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello,

Your instructions were user friendly. You are not really a 'ghost', are you?

Following is the ComboFix log as requested. Thanks again for your expertise and patience. Cheers!
NR

"The last horse I bet on was so slow, the jockey kept a diary of the trip." (Dangerfield)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 10-04-27.02 - NR Admin 04/28/2010 8:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.114 [GMT -4:00]
Running from: c:\documents and settings\NR Admin\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NR Admin\Favorites\.url
c:\recycler\S-1-5-21-1390067357-842925246-1343024091-1003
c:\recycler\S-1-5-21-2139898565-21905198-2536133903-1003
c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 12:42 . 2010-04-28 12:42 -------- d-----w- C:\_OTL
2010-04-27 22:56 . 2010-04-27 22:56 -------- d-----w- c:\program files\Trend Micro
2010-04-23 15:35 . 2009-11-22 19:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-04-23 15:35 . 2009-11-22 19:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-04-23 15:34 . 2010-04-23 15:35 -------- d-----w- c:\windows\system32\ZoneLabs
2010-04-23 15:34 . 2009-11-22 19:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-04-23 15:34 . 2010-04-23 15:34 -------- d-----w- c:\program files\Zone Labs
2010-04-23 15:27 . 2010-04-28 12:51 -------- d-----w- c:\windows\Internet Logs
2010-04-22 08:57 . 2010-04-22 08:58 -------- d-----w- c:\program files\Locate
2010-04-20 13:42 . 2010-04-20 13:42 -------- d-----w- c:\documents and settings\NR Admin\Downloads
2010-04-20 04:44 . 2010-04-20 04:51 -------- d-----w- c:\program files\Copernic Desktop Search - Corporate
2010-04-20 04:43 . 2008-08-08 16:38 5873 ----a-w- c:\documents and settings\All Users\Application Data\Copernic\CopernicSystem.dll
2010-04-16 01:09 . 2010-04-23 15:18 -------- d-----w- c:\documents and settings\NR Admin\Application Data\CheckPoint
2010-04-14 05:18 . 2010-04-14 05:24 -------- d--h--r- c:\documents and settings\NR Admin\Application Data\MyMorph
2010-04-14 05:18 . 2010-04-14 05:18 -------- d-----w- C:\Binaries
2010-04-14 05:18 . 2010-04-14 05:18 -------- d-----w- c:\program files\MyMorph
2010-04-11 02:39 . 2010-04-20 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Copernic
2010-04-10 01:28 . 2010-04-10 01:28 -------- d-----w- c:\documents and settings\NR Admin\Application Data\Malwarebytes
2010-04-10 01:28 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 01:28 . 2010-04-10 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 01:28 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 01:28 . 2010-04-10 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 00:36 . 2010-04-20 17:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-09 09:28 . 2001-07-11 19:09 109782 ----a-w- c:\windows\CopernicAgentUninstall.exe
2010-04-09 09:24 . 2005-02-24 02:54 5898200 ----a-w- c:\program files\Copernic Agent Pro 612.exe
2010-04-09 07:12 . 2010-04-09 09:28 -------- d-----w- c:\program files\Common Files\Copernic
2010-04-09 07:12 . 2010-04-09 09:30 -------- d-----w- c:\program files\Copernic Agent
2010-04-09 03:52 . 2010-04-20 04:43 -------- d-----w- c:\documents and settings\NR Admin\Local Settings\Application Data\Copernic
2010-04-09 03:52 . 2010-04-09 09:36 -------- d-----w- c:\documents and settings\NR Admin\Application Data\Copernic
2010-04-08 03:09 . 2010-04-28 12:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-08 02:17 . 2010-04-08 03:05 9028040 ----a-w- C:\Thunderbird Setup 3.0.4.exe
2010-04-07 12:25 . 2010-01-04 15:36 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-04-07 12:25 . 2010-04-07 12:25 -------- d-----w- c:\program files\MozyHome
2010-04-07 12:18 . 2010-04-07 12:21 9758584 ----a-w- c:\program files\mozy-1_16_4_0-9388.exe
2010-04-06 08:41 . 2010-04-06 08:41 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 13:06 . 2009-09-30 17:56 19755040 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-28 12:47 . 2009-10-04 03:11 -------- d-----w- c:\program files\Clipboard Help+Spell
2010-04-28 12:47 . 2009-09-30 11:17 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-28 12:47 . 2009-09-30 12:57 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-28 12:45 . 2009-09-30 17:56 217100 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-28 12:03 . 2005-05-14 04:02 -------- d-----w- c:\program files\Google
2010-04-28 05:38 . 2010-01-20 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-28 04:01 . 2009-10-04 06:03 -------- d-----w- c:\documents and settings\NR Admin\Application Data\AutoSizer
2010-04-28 03:48 . 2005-05-14 02:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 03:38 . 2010-04-28 03:39 1878016 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-28 03:38 . 2010-04-28 03:40 1639936 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-04-27 10:00 . 2010-01-29 03:03 -------- d-----w- c:\program files\Task-o-Matic
2010-04-27 04:15 . 2010-03-03 02:55 -------- d-----w- c:\documents and settings\NR Admin\Application Data\GoodSync
2010-04-26 19:11 . 2009-12-03 04:15 -------- d-----w- c:\program files\PopUpWisdom
2010-04-26 16:47 . 2009-10-03 13:22 -------- d-----w- c:\program files\Notepad++
2010-04-25 16:21 . 2009-09-30 14:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-23 15:52 . 2009-10-08 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-04-23 04:36 . 2010-02-17 21:39 -------- d-----w- c:\program files\Siber Systems
2010-04-15 06:23 . 2005-05-14 03:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-14 06:55 . 2009-10-12 03:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-09 08:40 . 2010-04-09 08:39 5870198 ----a-w- c:\program files\Copernic_Agent_Pro_612.rar
2010-04-08 03:09 . 2009-10-11 03:41 -------- d-----w- c:\documents and settings\NR Admin\Application Data\Thunderbird
2010-03-26 04:07 . 2010-02-25 15:53 -------- d-----w- c:\documents and settings\NR Admin\Application Data\ComodoGroup
2010-03-21 18:02 . 2009-09-30 11:18 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-03-21 06:58 . 2009-09-30 12:57 57752 ------w- c:\windows\system32\rpcnet.exe
2010-03-19 08:23 . 2009-12-02 07:24 -------- d-----w- c:\documents and settings\NR Admin\Application Data\Ashampoo
2010-03-19 06:01 . 2005-05-14 04:00 -------- d-----w- c:\program files\Common Files\Java
2010-03-19 06:01 . 2010-03-19 06:01 61440 ----a-w- c:\documents and settings\NR Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7c653b53-n\decora-sse.dll
2010-03-19 06:01 . 2010-03-19 06:01 503808 ----a-w- c:\documents and settings\NR Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-469f1a35-n\msvcp71.dll
2010-03-19 06:01 . 2010-03-19 06:01 499712 ----a-w- c:\documents and settings\NR Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-469f1a35-n\jmc.dll
2010-03-19 06:01 . 2010-03-19 06:01 348160 ----a-w- c:\documents and settings\NR Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-469f1a35-n\msvcr71.dll
2010-03-19 06:01 . 2010-03-19 06:01 12800 ----a-w- c:\documents and settings\NR Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7c653b53-n\decora-d3d.dll
2010-03-19 05:59 . 2005-05-14 04:00 -------- d-----w- c:\program files\Java
2010-03-15 21:39 . 2010-01-21 04:38 -------- d-----w- c:\program files\ArcSoft
2010-03-11 04:47 . 2010-03-11 04:47 -------- d-----w- c:\program files\Visual Thesaurus 3
2010-03-11 04:47 . 2010-03-11 04:47 -------- d-----w- c:\program files\Zero G Registry
2010-03-08 18:44 . 2010-03-08 18:44 -------- d-----w- c:\documents and settings\NR Admin\Application Data\Desktop Apps
2010-03-04 06:25 . 2010-01-31 15:56 -------- d-----w- c:\program files\SumatraPDF
2010-03-03 18:46 . 2010-03-03 18:46 -------- d-----w- c:\program files\USBDLM
2010-03-03 10:43 . 2010-03-03 10:43 10134 ----a-r- c:\documents and settings\NR Admin\Application Data\Microsoft\Installer\{03B48041-B2CD-476A-87D6-79D0488559A2}\_1F135854BB9EBB561C7154.exe
2010-03-03 10:43 . 2010-03-03 10:43 -------- d-----w- c:\program files\Desktop Restore
2010-03-03 09:49 . 2009-12-21 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-03-03 02:55 . 2010-03-03 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
2010-02-19 23:13 . 2010-03-24 02:21 536576 ----a-w- c:\documents and settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
2010-01-31 02:30 . 2009-09-30 15:02 45016 ----a-w- c:\documents and settings\NR Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 04:57 . 2009-12-09 04:57 2 ----a-w- c:\program files\queue.ini
2009-11-21 14:07 . 2009-11-21 14:07 488960 ----a-w- c:\program files\DirPrint.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 15:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 15:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clipboard Help+Spell"="c:\program files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe" [2009-10-24 7262720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\NR Admin\Start Menu\Programs\Startup\
Note++.lnk.lnk - c:\program files\Notepad++\notepad++.exe [2009-9-21 1273856]
Task-O-Matic.lnk - c:\program files\Task-o-Matic\Task-O-Matic.exe [2010-1-28 720896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 01000000
"NoNetworkConnections"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clipboard Help+Spell]
2009-10-24 20:59 7262720 ----a-w- c:\program files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=3 (0x3)
"mschedsvc"=3 (0x3)
"AutoLogon"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Blink2PnP"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"ioloDelayModule"=c:\program files\iolo\System Mechanic Professional 6\delay.exe
"FloatLED"="c:\program files\FloatLED\FloatLED.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\NR Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\NR Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [1/1/2010 2:15 AM 3712]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\windows\system32\drivers\biomini.sys [2/6/2010 12:52 AM 397440]
S3 PORTMON;PORTMON;\??\f:\portmsys.sys --> f:\PORTMSYS.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\1 Copernic Intra-Daily ~NR NR Admin.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-04-09 23:16]

2010-04-09 c:\windows\Tasks\2 Copernic Daily ~NR NR Admin.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-04-09 23:16]

2010-04-09 c:\windows\Tasks\3 Copernic Weekly ~NR NR Admin.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-04-09 23:16]

2010-04-09 c:\windows\Tasks\4 Copernic Monthly ~NR NR Admin.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-04-09 23:16]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac976955aa7e0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 06:40]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743022652-2386339613-646530403-1006Core.job
- c:\documents and settings\NR Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 10:27]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1743022652-2386339613-646530403-1006UA.job
- c:\documents and settings\NR Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 10:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://igoogle.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{E55E1F27-11DA-0001-0002-00AABB000004} - {E55E1F27-11DA-0001-0002-00AA00000004} -
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\Copernic Agent\CopernicAgentExt.dll
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\Copernic Agent\CopernicAgentExt.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\NR Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\NR Admin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AutoSizer - c:\program files\AutoSizer\AutoSizer.exe
AddRemove-7-Zip - g:\7zip\7-Zip\Uninstall.exe
AddRemove-Ashampoo StartUp Tuner 2_is1 - e:\ashampoo startup tuner 2\unins000.exe
AddRemove-IrfanView - e:\irfanview\iv_uninstall.exe
AddRemove-Winamp - e:\winamp\UninstWA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 09:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-28 09:09:17
ComboFix-quarantined-files.txt 2010-04-28 13:09

Pre-Run: 29,503,930,368 bytes free
Post-Run: 29,471,596,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2E1D7ECA182D302C4F074E7496D01D9C

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#5
1NR1

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello,
This is the information you requested with logs:
Ran TFC.
Ran Malwarebytes.
Kaspersky took 3 tries. First 2 stopped scanning at 51% and 58%. The 3rd and complete scan returned no ("null") results in the report window.

Cheers!

"A bum asked me, "Give me $10 till payday." I asked, "When's payday?" He said, "I don't know, you're the one who is working!"
(Youngman)


========================================================================


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4047

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/28/2010 2:22:43 PM
mbam-log-2010-04-28 (14-22-43).txt

Scan type: Quick scan
Objects scanned: 105904
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thursday, April 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, April 28, 2010 19:05:57
Records in database: 3998522
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
F:\
Scan statistics
Objects scanned 46275
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 03:34:11

No threats found. Scanned area is clean.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Any redirects?

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#7
1NR1

    New Member

  • Topic Starter
  • Member
  • 5 posts
Logfile you requested posted below.

No redirects. I will need to be more aware of redirects. Should any occur can you suggest any follow-ups?

Thanks for your continued interest in this matter.
NR

"My wife made me join a bridge club. I jump off next Tuesday." (Dangerfield)

===================================================================

OTL logfile created on: 4/29/2010 5:47:39 PM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\NR Admin\Desktop\UTILS\Geeks togo INFO
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.23 Gb Free Space | 73.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 119.13 Mb Total Space | 1.68 Mb Free Space | 1.41% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 3.10 Gb Free Space | 82.36% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NR
Current User Name: NR Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/27 19:11:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\UTILS\Geeks togo INFO\OTL.exe
PRC - [2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/24 16:59:04 | 007,262,720 | ---- | M] (DonationCoder.com) -- C:\Program Files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe
PRC - [2009/07/07 16:50:06 | 000,223,232 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- F:\USBDLM\USBDLM.EXE
PRC - [2008/10/14 13:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/21 14:26:54 | 000,720,896 | ---- | M] (Pollen Software Pty Ltd) -- C:\Program Files\Task-o-Matic\Task-O-Matic.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 19:11:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NR Admin\Desktop\UTILS\Geeks togo INFO\OTL.exe
MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (mschedsvc)
SRV - File not found [On_Demand | Stopped] -- -- (DfSdkS)
SRV - File not found [Disabled | Stopped] -- -- (AutoLogon)
SRV - [2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/07/07 16:50:06 | 000,223,232 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- F:\USBDLM\USBDLM.EXE -- (USBDLM)
SRV - [2008/10/14 13:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/27 18:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [1997/05/15 00:49:22 | 000,013,312 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\twain_32\SiPix\SCBLINK2\srvany.exe -- (Blink2PnP)


========== Driver Services (SafeList) ==========

DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/09/30 07:19:14 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/02/17 22:49:30 | 000,150,544 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/06/27 09:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\superwebcam.sys -- (SUPERWEBCAM)
DRV - [2005/04/29 01:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 11:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 16:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/03/15 18:32:00 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/03/04 17:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/25 03:33:26 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/14 04:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 04:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 04:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 04:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 04:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 04:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 04:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 04:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 04:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 05:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 19:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 14:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 14:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/17 06:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/06/28 13:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/10/27 19:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/24 22:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [2002/12/17 12:13:40 | 000,397,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\biomini.sys -- (DCamUSBBVI)
DRV - [2001/08/17 14:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.10
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.99

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/15 10:46:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/15 10:46:38 | 000,000,000 | ---D | M]

[2010/04/07 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Extensions
[2010/04/07 23:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/28 08:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions
[2010/03/23 22:21:42 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010/03/15 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Mozilla\Firefox\Profiles\bvz3sbca.default\extensions\[email protected]
[2010/04/28 08:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/09/01 11:34:42 | 001,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/04/28 08:42:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Copernic Desktop Search CE) - {435FAE9B-81A9-49D8-A0B1-A85ED3121976} - C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchBand300000061.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Clipboard Help+Spell] C:\Program Files\Clipboard Help+Spell\ClipboardHelpAndSpell.exe (DonationCoder.com)
O4 - Startup: C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk = C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
O4 - Startup: C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk = C:\Program Files\Task-o-Matic\Task-O-Matic.exe (Pollen Software Pty Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Value error. File not found
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Printee - {E55E1F27-11DA-0001-0002-00AABB000004} - Reg Error: Key error. File not found
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ols/pcmatic.cab (VersionControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\printee {E55E1F27-11DA-0001-0002-00AA00000006} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/19 09:41:36 | 004,245,389 | ---- | M] () - E:\AutoFX var w frame AA.png -- [ FAT32 ]
O32 - AutoRun File - [2010/02/10 09:08:24 | 000,000,000 | ---D | M] - F:\auto save -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/29 06:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Iconico
[2010/04/29 06:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Calipers 4.0
[2010/04/28 14:08:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/28 08:58:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/28 08:55:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/28 08:55:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/28 08:55:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/28 08:55:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/28 08:55:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/28 08:55:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/28 08:42:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/28 01:38:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NR Admin\Recent
[2010/04/27 23:39:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/27 18:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ImageConverter Plus
[2010/04/27 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\Image Converter Plus
[2010/04/26 13:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\POD ALL
[2010/04/23 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/23 11:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/23 11:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/22 04:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Locate
[2010/04/20 09:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Downloads
[2010/04/20 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Desktop Search - Corporate
[2010/04/15 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\ForceField Shared Files
[2010/04/15 21:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\CheckPoint
[2010/04/14 01:18:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NR Admin\Application Data\MyMorph
[2010/04/14 01:18:04 | 000,000,000 | ---D | C] -- C:\Binaries
[2010/04/14 01:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\MyMorph
[2010/04/10 22:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Copernic
[2010/04/09 21:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Malwarebytes
[2010/04/09 21:28:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/09 21:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/09 21:28:14 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/09 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/09 19:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird_files
[2010/04/09 03:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Copernic
[2010/04/09 03:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Agent
[2010/04/08 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\Copernic
[2010/04/08 23:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Copernic
[2010/04/07 23:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/04/07 08:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2010/04/07 08:18:54 | 009,758,584 | ---- | C] (Mozy, Inc.) -- C:\Program Files\mozy-1_16_4_0-9388.exe
[2010/04/06 04:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/28 23:22:53 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/03/22 00:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\ROBO User Data - Passcards and Identies
[2010/03/21 20:28:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/21 20:26:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/03/21 20:26:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/03/21 20:25:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/03/20 14:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\My Documents\COLORS RGB Hex codes
[2010/03/19 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/03/19 02:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/19 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/14 22:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/11 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zero G Registry
[2010/03/11 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Thesaurus 3
[2010/03/11 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\InstallAnywhere
[2010/03/08 14:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\Desktop Apps
[2010/03/03 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\USBDLM
[2010/03/03 06:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Restore
[2010/03/03 05:31:43 | 000,499,200 | ---- | C] (Quick And Easy Software) -- C:\Documents and Settings\NR Admin\Desktop\USB Eject.exe
[2010/03/02 22:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2010/03/02 22:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\GoodSync
[2010/02/25 11:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\ComodoGroup
[2010/02/24 18:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\Comodo
[2010/02/24 12:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\Quote
[2010/02/22 13:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/17 17:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/02/13 11:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Desktop\Process's
[2010/02/07 05:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2010/02/07 05:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\GTek
[2010/02/06 00:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\NuCam
[2010/02/05 22:46:06 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\umaxscan.dll
[2010/02/05 22:46:06 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/02/03 04:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/03 04:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/02 01:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Commander
[2010/01/31 11:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NR Admin\Application Data\SumatraPDF
[2010/01/31 11:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2010/01/30 03:12:23 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2010/01/30 03:10:02 | 000,000,000 | ---D | C] -- C:\KPCMS
[2010/01/30 03:10:01 | 000,199,168 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpcp32.dll
[2010/01/30 03:10:01 | 000,039,424 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpsys32.dll
[2010/01/30 03:10:00 | 000,083,968 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\kpapi32.dll
[2010/01/30 03:09:58 | 000,249,856 | ---- | C] (Play Incorporated) -- C:\WINDOWS\System32\Snap32n.dll
[2010/01/30 03:09:54 | 000,415,232 | ---- | C] (Storm Technology, Inc.) -- C:\WINDOWS\System32\EZIMG25.dll
[2010/01/30 03:09:54 | 000,027,648 | ---- | C] (Storm Technology, Inc.) -- C:\WINDOWS\System32\cppenv25.dll
[2010/01/30 03:09:53 | 000,004,080 | ---- | C] (Storm Software, Inc.) -- C:\WINDOWS\System32\WINSIZE.DLL

========== Files - Modified Within 90 Days ==========

[2010/04/29 17:41:33 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/29 17:41:28 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/29 17:40:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 11:04:09 | 026,638,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/04/29 11:04:09 | 000,247,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/04/29 11:04:05 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\NR Admin\ntuser.dat
[2010/04/29 11:03:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\NR Admin\ntuser.ini
[2010/04/29 10:02:21 | 000,426,438 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\spreadshirt example.bmp
[2010/04/29 08:21:35 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Throw away email info for 10 min mail
[2010/04/29 06:57:24 | 000,210,661 | ---- | M] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe
[2010/04/29 06:57:24 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Screen Calipers.lnk
[2010/04/29 06:32:24 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Sizer X Y axis and dimensions for windows
[2010/04/28 15:10:19 | 000,067,822 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_3_10_15_PM.bkp
[2010/04/28 10:15:33 | 000,067,867 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_10_15_32_AM.bkp
[2010/04/28 09:05:53 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/28 08:58:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/28 08:42:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/28 04:38:46 | 000,093,375 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt_vectorized.psd
[2010/04/28 02:54:34 | 000,012,076 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt_vectorized.png
[2010/04/28 02:50:32 | 000,022,188 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt.jpg
[2010/04/28 02:09:10 | 000,003,008 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] Ins neutral
[2010/04/28 02:09:10 | 000,002,866 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] general
[2010/04/28 02:09:10 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,001,342 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] BIG Foot
[2010/04/28 02:09:10 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 00:40:42 | 000,067,670 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_12_40_42_AM.bkp
[2010/04/27 20:30:12 | 000,066,301 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_8_30_11_PM.bkp
[2010/04/27 15:43:53 | 000,005,866 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\clipboard_vectorized.png
[2010/04/27 14:59:11 | 000,069,305 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_2_59_11_PM.bkp
[2010/04/27 07:51:06 | 000,024,136 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Henny-Dangerfield combined
[2010/04/27 06:28:24 | 000,494,648 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1_0004_Background copy 4.psd
[2010/04/27 05:04:13 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\{-Chrome taskmgr
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 14:03:06 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Tara LINES.rtf
[2010/04/25 12:21:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/23 12:12:41 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Roboform Sort
[2010/04/23 11:36:16 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/23 11:35:03 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\ZoneAlarm Security.lnk
[2010/04/23 09:56:44 | 003,427,810 | -H-- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\IconCache.db
[2010/04/23 09:51:44 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\MozyHome Remote Backup.lnk
[2010/04/22 04:58:24 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Locate32.lnk
[2010/04/22 04:23:52 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Holiday gadget
[2010/04/21 00:44:11 | 001,257,947 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\ZA files settings other.xml
[2010/04/20 11:52:43 | 003,286,267 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\PinTypesneon FX#2.psd
[2010/04/20 00:51:41 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Corporate.lnk
[2010/04/19 22:27:40 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\browser shots
[2010/04/19 01:15:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 09:00:53 | 000,237,418 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Road sign.psd
[2010/04/17 08:48:07 | 001,592,543 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1.psd
[2010/04/15 01:16:09 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Google Chrome.lnk
[2010/04/13 05:21:32 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\SYSTEM My Docs.lnk
[2010/04/12 20:05:38 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/04/12 20:05:37 | 000,000,376 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/12 02:42:17 | 000,008,971 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\site sign ins.html
[2010/04/10 22:44:30 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Copernic Desltop search registration number
[2010/04/09 21:28:23 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 20:59:34 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot need manual updates.lnk
[2010/04/09 19:02:16 | 000,124,271 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird.html
[2010/04/09 05:48:41 | 000,000,417 | ---- | M] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,403 | ---- | M] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,393 | ---- | M] () -- C:\WINDOWS\tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Copernic SEARCH.lnk
[2010/04/09 04:40:07 | 005,870,198 | ---- | M] () -- C:\Program Files\Copernic_Agent_Pro_612.rar
[2010/04/08 05:38:00 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\4-8 notes
[2010/04/08 01:42:46 | 002,573,254 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json
[2010/04/08 01:40:28 | 002,665,476 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json.rtf
[2010/04/07 23:09:40 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\T Bird.lnk
[2010/04/07 08:21:17 | 009,758,584 | ---- | M] (Mozy, Inc.) -- C:\Program Files\mozy-1_16_4_0-9388.exe
[2010/04/06 04:41:28 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\CCleaner.lnk
[2010/04/06 01:37:17 | 000,433,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/06 01:37:17 | 000,068,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/06 01:37:16 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 18:28:41 | 000,004,933 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Stalled print job fix
[2010/03/31 03:59:15 | 000,165,758 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\all robo as of 4-2010.htm
[2010/03/30 22:46:01 | 000,007,678 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\cc_20100330_214550.reg
[2010/03/30 07:42:18 | 000,011,443 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Email sign ins Spreadsheet.rtf
[2010/03/30 07:39:04 | 000,010,001 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Copy of Blog sign ins Spread sheet.rtf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 06:52:46 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Defraggler.lnk
[2010/03/28 06:01:28 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Google owns you
[2010/03/26 05:09:04 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Vector Magic.lnk
[2010/03/25 05:00:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/24 05:16:23 | 000,010,140 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Tree Shows all files info
[2010/03/23 17:55:15 | 000,016,405 | ---- | M] () -- C:\rollback.ini
[2010/03/22 19:23:46 | 000,035,707 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\Program Control Programs - ZoneAlarm User Community.htm
[2010/03/22 00:17:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac976955aa7e0.job
[2010/03/21 18:08:13 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Cascade.lnk
[2010/03/21 14:02:33 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/21 02:58:49 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2010/03/20 14:34:42 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\RGB Hex codes for html documents.htm
[2010/03/16 18:51:36 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Start Up Tuner.lnk
[2010/03/14 22:53:32 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/14 19:34:31 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Open With Add.exe.lnk
[2010/03/14 18:08:18 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Context EDIT.exe.lnk
[2010/03/11 15:29:16 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\GOOG Oper's.lnk
[2010/03/11 00:47:17 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Visual Thesaurus.lnk
[2010/03/11 00:45:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\.pvte
[2010/03/08 14:54:50 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Taskbar.lnk
[2010/02/28 22:32:24 | 000,004,818 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\clipboard 10 17.clx.rtf
[2010/02/26 17:39:58 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\NR Admin\Cascade.js
[2010/02/26 17:32:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Cascade.js
[2010/02/25 16:03:08 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 11:23:29 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Permanent F Drive.lnk
[2010/02/21 16:31:08 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk
[2010/02/14 20:43:57 | 000,019,103 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\100 PS TIPS GOOD TO REVIEW.htm
[2010/02/12 07:59:19 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk
[2010/02/08 23:43:19 | 000,000,648 | ---- | M] () -- C:\WINDOWS\videoimp.ini
[2010/02/07 05:38:10 | 000,002,612 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2010/02/04 05:11:43 | 003,452,396 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\document.pdf
[2010/02/03 00:12:06 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\PhoSho.lnk
[2010/02/02 05:51:56 | 000,377,755 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100409-235426.backup
[2010/02/02 05:51:56 | 000,377,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-134342.backup
[2010/02/02 05:40:00 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot.lnk
[2010/02/02 05:39:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\NR Admin\Desktop\Shred.lnk
[2010/02/02 03:00:03 | 000,033,895 | ---- | M] () -- C:\Documents and Settings\NR Admin\My Documents\IE favelets.rtf
[2010/01/30 23:13:14 | 000,281,729 | ---- | M] () -- C:\Documents and Settings\NR Admin\.recently-used.xbel
[2010/01/30 22:30:49 | 000,045,016 | ---- | M] () -- C:\Documents and Settings\NR Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 04:44:22 | 000,000,190 | ---- | M] () -- C:\WINDOWS\Adobereg.db
[2010/01/30 03:16:25 | 000,287,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 03:10:00 | 000,000,114 | ---- | M] () -- C:\WINDOWS\kpcms.ini

========== Files Created - No Company Name ==========

[2010/04/29 10:02:21 | 000,426,438 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\spreadshirt example.bmp
[2010/04/29 07:32:01 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Throw away email info for 10 min mail
[2010/04/29 06:57:24 | 000,210,661 | ---- | C] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe
[2010/04/29 06:57:24 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Screen Calipers.lnk
[2010/04/29 06:32:23 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Sizer X Y axis and dimensions for windows
[2010/04/28 15:10:16 | 000,067,822 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_3_10_15_PM.bkp
[2010/04/28 10:15:32 | 000,067,867 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_10_15_32_AM.bkp
[2010/04/28 08:58:17 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/04/28 08:58:12 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/28 08:55:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/28 08:55:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/28 08:55:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/28 08:55:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/28 08:55:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/28 04:38:44 | 000,093,375 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt_vectorized.psd
[2010/04/28 02:54:34 | 000,012,076 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt_vectorized.png
[2010/04/28 02:50:30 | 000,022,188 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\segmnt.jpg
[2010/04/28 02:09:10 | 000,003,008 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] Ins neutral
[2010/04/28 02:09:10 | 000,002,866 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,002,305 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] general
[2010/04/28 02:09:10 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected] BIG Foot
[2010/04/28 02:09:10 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 02:09:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\[email protected]
[2010/04/28 00:40:42 | 000,067,670 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_28_2010_12_40_42_AM.bkp
[2010/04/27 20:30:11 | 000,066,301 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_8_30_11_PM.bkp
[2010/04/27 15:43:53 | 000,005,866 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\clipboard_vectorized.png
[2010/04/27 14:59:11 | 000,069,305 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ChsDbBackup_4_27_2010_2_59_11_PM.bkp
[2010/04/27 06:28:24 | 000,494,648 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1_0004_Background copy 4.psd
[2010/04/27 05:04:13 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\{-Chrome taskmgr
[2010/04/26 14:02:53 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Tara LINES.rtf
[2010/04/23 12:12:41 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Roboform Sort
[2010/04/23 11:35:03 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\ZoneAlarm Security.lnk
[2010/04/23 11:34:51 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/23 09:51:44 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\MozyHome Remote Backup.lnk
[2010/04/22 04:58:24 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Locate32.lnk
[2010/04/22 04:23:52 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Holiday gadget
[2010/04/21 00:44:11 | 001,257,947 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\ZA files settings other.xml
[2010/04/20 11:52:41 | 003,286,267 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\PinTypesneon FX#2.psd
[2010/04/20 00:44:27 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Corporate.lnk
[2010/04/19 21:58:56 | 000,024,136 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Henny-Dangerfield combined
[2010/04/19 21:52:40 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\browser shots
[2010/04/17 09:00:51 | 000,237,418 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Road sign.psd
[2010/04/17 08:48:04 | 001,592,543 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Header got hookVM VAR 1.psd
[2010/04/13 05:09:02 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\SYSTEM My Docs.lnk
[2010/04/10 22:44:30 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Copernic Desltop search registration number
[2010/04/09 21:28:23 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 20:37:00 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot need manual updates.lnk
[2010/04/09 19:02:02 | 000,124,271 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\how_2108614_gmail-mail-messages-using-thunderbird.html
[2010/04/09 05:36:03 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Copernic SEARCH.lnk
[2010/04/09 05:36:03 | 000,000,417 | ---- | C] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:36:03 | 000,000,393 | ---- | C] () -- C:\WINDOWS\tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:28:44 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2010/04/09 05:24:28 | 005,898,200 | ---- | C] () -- C:\Program Files\Copernic Agent Pro 612.exe
[2010/04/09 04:39:59 | 005,870,198 | ---- | C] () -- C:\Program Files\Copernic_Agent_Pro_612.rar
[2010/04/08 05:38:00 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\4-8 notes
[2010/04/08 01:40:27 | 002,665,476 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\bookmarks-2009-11-17firefox bookmarks.json.rtf
[2010/04/07 23:09:40 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\T Bird.lnk
[2010/04/06 04:41:28 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\CCleaner.lnk
[2010/03/31 18:28:41 | 000,004,933 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Stalled print job fix
[2010/03/31 03:31:50 | 000,165,758 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\all robo as of 4-2010.htm
[2010/03/30 22:45:55 | 000,007,678 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\cc_20100330_214550.reg
[2010/03/30 07:42:18 | 000,011,443 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Email sign ins Spreadsheet.rtf
[2010/03/30 07:39:04 | 000,010,001 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Copy of Blog sign ins Spread sheet.rtf
[2010/03/28 06:52:47 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Defraggler.lnk
[2010/03/28 06:01:19 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Google owns you
[2010/03/26 05:09:04 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Vector Magic.lnk
[2010/03/24 04:26:12 | 000,010,140 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Tree Shows all files info
[2010/03/22 19:23:45 | 000,035,707 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Program Control Programs - ZoneAlarm User Community.htm
[2010/03/22 00:17:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac976955aa7e0.job
[2010/03/20 14:34:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\RGB Hex codes for html documents.htm
[2010/03/16 18:51:39 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Start Up Tuner.lnk
[2010/03/14 22:53:32 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/14 19:34:31 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Open With Add.exe.lnk
[2010/03/14 18:08:30 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Context EDIT.exe.lnk
[2010/03/11 15:29:15 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\GOOG Oper's.lnk
[2010/03/11 00:48:05 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Visual Thesaurus.lnk
[2010/03/11 00:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\.pvte
[2010/03/08 14:54:50 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Taskbar.lnk
[2010/02/28 22:32:24 | 000,004,818 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\clipboard 10 17.clx.rtf
[2010/02/28 22:20:59 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Phrases.psw
[2010/02/28 22:20:59 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Copy of Livethelowlifehigh.psw
[2010/02/28 22:12:24 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\pitch info.rtf
[2010/02/28 22:12:24 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\pitches prods.rtf
[2010/02/28 22:12:24 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\Plato.rtf
[2010/02/26 17:40:06 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Cascade.lnk
[2010/02/26 17:37:40 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\NR Admin\Cascade.js
[2010/02/26 17:32:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Cascade.js
[2010/02/21 16:31:08 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Task-O-Matic.lnk
[2010/02/20 13:45:23 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\NR Admin\Start Menu\Programs\Startup\Note++.lnk.lnk
[2010/02/07 05:38:09 | 000,002,612 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2010/02/06 00:52:17 | 000,397,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\biomini.sys
[2010/02/06 00:52:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\B2Filter.ax
[2010/02/06 00:52:17 | 000,014,061 | ---- | C] () -- C:\WINDOWS\BLINK2DS.ini
[2010/02/06 00:52:17 | 000,007,438 | ---- | C] () -- C:\WINDOWS\BLINK2DS.src
[2010/02/04 05:26:29 | 003,452,396 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\document.pdf
[2010/02/03 00:12:06 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\PhoSho.lnk
[2010/02/02 23:43:03 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Shred.lnk
[2010/02/02 05:40:00 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\NR Admin\Desktop\Spybot.lnk
[2010/02/02 03:00:03 | 000,033,895 | ---- | C] () -- C:\Documents and Settings\NR Admin\My Documents\IE favelets.rtf
[2010/01/30 23:13:14 | 000,281,729 | ---- | C] () -- C:\Documents and Settings\NR Admin\.recently-used.xbel
[2010/01/30 09:13:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/01/30 09:12:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/01/30 09:12:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/01/30 09:12:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/01/30 09:12:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/01/30 09:12:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/01/30 09:12:48 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/01/30 09:12:48 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/01/30 09:12:48 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/01/30 09:12:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/01/30 09:12:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/01/30 09:12:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/01/30 09:12:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/01/30 09:12:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/01/30 09:12:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/01/30 09:12:46 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/01/30 09:12:46 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/01/30 09:12:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/01/30 09:12:23 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/01/30 09:12:18 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/01/30 09:11:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/01/30 03:10:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2010/01/30 03:09:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/01/30 03:09:59 | 000,000,190 | ---- | C] () -- C:\WINDOWS\Adobereg.db
[2010/01/21 05:30:37 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2000X48.DLL
[2010/01/15 19:34:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/11 00:41:41 | 000,000,058 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/12/23 12:38:20 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/11/29 18:27:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll
[2009/10/09 22:02:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2009/10/09 22:02:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/01 09:33:36 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/09/30 07:24:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/30 07:24:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/30 07:18:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/09/30 07:18:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/09/30 07:18:52 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/09/30 07:18:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/09/30 07:18:01 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2005/05/14 00:19:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/14 00:19:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/14 00:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/14 00:19:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/14 00:19:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/13 23:26:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/13 23:25:25 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/13 23:25:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/13 23:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/13 23:20:59 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/13 22:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/13 22:11:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/13 22:01:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/13 21:10:10 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/13 21:06:07 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/03/28 18:59:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/03/28 18:44:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/03/25 12:59:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/15 13:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/07/28 19:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/12/02 03:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/20 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copernic
[2009/10/03 23:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/03/02 22:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/12/11 06:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2009/12/02 03:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2010/01/29 02:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/04/23 11:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/12/23 12:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/14 00:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/19 04:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Ashampoo
[2010/04/29 09:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\AutoSizer
[2010/04/23 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\CheckPoint
[2010/04/09 05:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Copernic
[2010/03/08 14:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Desktop Apps
[2009/10/03 23:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\DonationCoder
[2010/04/27 00:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\GoodSync
[2010/01/30 23:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\gtk-2.0
[2010/04/29 06:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Iconico
[2009/12/24 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Irido
[2009/11/23 19:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Locate32
[2009/10/01 10:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\MSNInstaller
[2010/04/14 01:24:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\NR Admin\Application Data\MyMorph
[2009/10/03 09:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Notepad++
[2010/01/03 00:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Optimal Data
[2009/10/30 08:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Safer Networking
[2009/11/04 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\SteelBytes
[2010/01/31 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\SumatraPDF
[2009/12/05 05:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Template
[2010/04/07 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\Thunderbird
[2010/02/07 04:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\toshiba
[2009/09/30 10:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NR Admin\Application Data\VSRevoGroup
[2010/04/09 05:48:41 | 000,000,417 | ---- | M] () -- C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,393 | ---- | M] () -- C:\WINDOWS\Tasks\2 Copernic Daily ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\3 Copernic Weekly ~NR NR Admin.job
[2010/04/09 05:48:41 | 000,000,403 | ---- | M] () -- C:\WINDOWS\Tasks\4 Copernic Monthly ~NR NR Admin.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\USA Jobs info.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\Travel reviews Hack.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\File List How To.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\My Documents\Bk Marklets Template-maker.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\NR Admin\Cascade.js:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3
< End of report >

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.

#9
1NR1

    New Member

  • Topic Starter
  • Member
  • 5 posts
Back in business. I would like to describe this positive experience in a few blogs. Have you any preferences as to where you would like to read about Geeks to Go online support and yourself? Also, would it be all right to include your URL and that of some of the other links used? Thanks again.
Cheers! NR

"Next chance you get walk into an antique shop and ask, What's new?" (Youngman)

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
no preference at all, leave that up to you

feel free to use the url and anything else

do let me know when you have posted something

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





