Question: found unknown "golaxt.dll" possibly part of a new - Geeks to Go Forums


Question: found unknown "golaxt.dll" possibly part of a new Detected a possible rootkit, it was removed, but what was it?

#1 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 01 June 2010 - 09:27 AM

This is a question, since my system seems to be running normally. The system was occasionally sluggish, so I ran combofix. Early in its scan it detects golaxt.dll as a possible root kit, and disables it. The reason for this posting is that I can find no information about this dll, and wonder if there is any insight into who/what/when/where. Thanks.

XP Pro, SP2, fully patched; Spybot; Zonealarm; and Symantec Anti-virus. The files of interest are those associated with this abbreviated summary: under \application data\windows server\

===============
The following files were disabled during the run:
c:\documents and settings\myname\Local Settings\Application Data\Windows Server\golaxt.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jody\Application Data\inst.exe
c:\documents and settings\Jody\g2mdlhlpx.exe
c:\documents and settings\Jody\GoToAssistDownloadHelper.exe
c:\documents and settings\Jody\Local Settings\Application Data\Windows Server
c:\documents and settings\Jody\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Jody\Local Settings\Application Data\Windows Server\golaxt.dll
c:\documents and settings\Jody\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\program files\DVR Controls
c:\program files\DVR Controls\avcodec.dll
c:\program files\DVR Controls\DVRPlay.exe
c:\program files\DVR Controls\NPPlayer.exe
c:\program files\DVR Controls\npwmado0.dll
c:\program files\DVR Controls\npwmh263.dll
c:\program files\DVR Controls\npwmjpg.dll
c:\program files\DVR Controls\npwmlavc.dll
c:\program files\DVR Controls\npwmskl4.dll
c:\program files\DVR Controls\npwmxvd4.dll
c:\program files\DVR Controls\VPONAdo.dll
c:\program files\DVR Controls\VPONADO4.dll
c:\program files\DVR Controls\VPONAUD4.dll
c:\program files\DVR Controls\VPONLV.dll
c:\program files\DVR Controls\VPONLV4.dll
c:\program files\DVR Controls\VPONRP4.dll
c:\program files\DVR Controls\VPSCTL.dll
c:\program files\DVR Controls\VPSDEC.dll
c:\windows\system32\VB40032.DLL

Infected copy of c:\windows\system32\drivers\acpiec.sys was found and disinfected
Restored copy from - Kitty had a snack :)
=======================
Thank you.

#2 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 04 June 2010 - 09:21 AM

Hi drwireMORE,

Welcome to Geeks to Go! My name is Gammo and I will be helping you fix your computer problem.
If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert". It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please run ComboFix again. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#3 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 04 June 2010 - 09:41 AM

Yes, thank you for your assistance. I will redownload combofix and post. I have a combofix from yesterday, but understand that we will be starting fresh. As an aside: my outlook was hanging occasionally; so I did a Microsoft 2007 repair. Rebooted; and when I logged in, the system treated me like I was a new user in resetting my background, new email (as if I'd never had an email account) outlook express. My favorites were still there, and by reloading other applications, have it back to normal. Very strange. Also, tried to go back to a previous system restore point, (knowing combofix creates a restore point) and there were only system checkpoints, nothing I could restore back to. In the end, ran OTClean.. and here we are.

As of this moment, I will make no changes or updates unless at your direction. Expect your log shortly. dw

#4 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 04 June 2010 - 07:09 PM

I disabled spybot (tea timer and I.E); zonealarm; and auto-protect from Symantec Anti-Virus. A new install of combofix saved to the desktop as combofixrenamed, disconnected from the network and ran. These are the results you asked for: (PS: thank you for your assistance)

ComboFix 10-06-03.01 - Jody 06/04/2010 17:45:48.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1380 [GMT -7:00]
Running from: c:\documents and settings\Jody\Desktop\ComboFixRenamed.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-04 00:57 . 2010-06-04 00:57 8854 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\PDTHelpShortcut__4B691FC6F103435EA1F6339BD6C78617_2.exe
2010-06-04 00:57 . 2010-06-04 00:57 65536 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\PalmDesktopShortcut.exe
2010-06-04 00:57 . 2010-06-04 00:57 65536 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\ARPPRODUCTICON.exe
2010-06-04 00:57 . 2010-06-04 00:57 40960 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\NewShortcut6_45BA714564B04B5DBDC240E20FCDC6DC.exe
2010-06-04 00:57 . 2010-06-04 00:57 40960 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\NewShortcut1_45BA714564B04B5DBDC240E20FCDC6DC.exe
2010-06-03 23:12 . 2008-04-09 20:37 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-03 23:12 . 2010-06-03 23:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-06-03 23:12 . 2010-06-03 23:14 -------- d-----w- c:\documents and settings\Administrator
2010-06-03 22:59 . 2010-06-03 22:59 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ServiceTest
2010-05-31 23:50 . 1999-08-28 19:44 45056 ----a-w- c:\windows\system32\wisemsg.dll
2010-05-31 23:50 . 2010-05-31 23:50 -------- d-----w- c:\windows\PACKAGES
2010-05-31 23:50 . 2005-01-24 14:48 32768 ----a-w- c:\windows\system32\CHI.EXE
2010-05-30 05:35 . 2010-05-30 05:35 -------- d-----w- C:\ComboFixrenamed31783C
2010-05-30 03:24 . 2010-05-30 03:33 -------- d-----w- C:\ComboFixrenamed5641C
2010-05-19 21:31 . 2010-05-19 21:31 -------- d-----w- c:\program files\DVDFab 7
2010-05-13 19:40 . 2010-05-13 22:07 -------- d-----w- C:\Ipod
2010-05-13 16:44 . 2010-05-13 16:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-05-11 05:13 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-11 05:11 . 2009-11-08 08:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-05-11 05:11 . 2009-11-08 08:41 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-11 05:11 . 2006-09-28 21:32 9472 ----a-w- c:\windows\system32\drivers\pnetmdm.sys
2010-05-11 01:32 . 2010-06-01 14:53 -------- d-----w- C:\recover
2010-05-11 01:00 . 2010-05-11 01:00 -------- d-----w- c:\program files\File Scavenger 3.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 00:41 . 2008-04-13 13:48 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-05 00:32 . 2008-04-13 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-04 05:05 . 2010-03-02 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 04:27 . 2009-04-02 13:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-04 03:48 . 2008-04-11 13:38 71776 ----a-w- c:\documents and settings\Jody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 00:58 . 2009-08-19 01:11 -------- d-----w- c:\program files\Palm
2010-06-04 00:57 . 2008-04-13 19:34 8854 ----a-r- c:\documents and settings\Jody\Application Data\Microsoft\Installer\{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}\NewShortcut15_4B691FC6F103435EA1F6339BD6C78617.exe
2010-06-04 00:32 . 2010-01-13 21:01 -------- d-----w- c:\program files\Netcool
2010-06-03 23:14 . 2010-06-03 23:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-06-03 23:14 . 2010-06-03 23:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-06-03 20:40 . 2009-03-06 13:24 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-03 20:02 . 2009-10-12 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 19:06 . 2009-06-18 19:14 15053133 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-03 18:56 . 2008-04-13 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-03 18:55 . 2008-04-13 21:37 -------- d-----w- c:\program files\Microsoft Works
2010-06-03 17:52 . 2009-07-18 01:20 -------- d-----w- c:\documents and settings\Jody\Application Data\vlc
2010-06-03 15:09 . 2009-12-20 23:52 -------- d-----w- c:\program files\PeerGuardian2
2010-06-03 14:36 . 2009-01-14 18:47 -------- d-----w- c:\documents and settings\Jody\Application Data\Azureus
2010-06-02 20:23 . 2009-04-14 12:54 -------- d-----w- c:\program files\Vuze
2010-06-02 17:51 . 2008-04-28 14:14 -------- d-----w- c:\documents and settings\Jody\Application Data\Skype
2010-06-02 17:40 . 2008-04-28 14:16 -------- d-----w- c:\documents and settings\Jody\Application Data\skypePM
2010-05-31 23:51 . 2008-04-13 02:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-27 15:45 . 2008-04-09 20:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 20:03 . 2009-09-27 21:35 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 20:03 . 2009-09-27 21:35 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 20:03 . 2009-09-27 21:35 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-19 21:31 . 2009-01-05 01:04 -------- d-----w- c:\documents and settings\Jody\Application Data\Vso
2010-05-13 22:27 . 2008-04-15 04:42 -------- d-----w- c:\documents and settings\Jody\Application Data\U3
2010-05-11 05:14 . 2010-05-11 05:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-05-11 05:13 . 2010-05-11 05:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-11 05:11 . 2010-04-08 21:21 -------- d-----w- c:\program files\PdaNet for Android
2010-05-03 21:28 . 2010-05-03 21:28 -------- d-----w- c:\program files\Compaq
2010-04-29 22:39 . 2009-10-12 15:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-10-12 15:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 06:31 . 2009-02-06 16:54 -------- d-----w- c:\program files\CCleaner
2010-04-22 17:42 . 2009-11-10 02:49 -------- d-----w- c:\program files\Google
2010-04-22 17:04 . 2010-04-22 15:28 -------- d-----w- c:\program files\American Airlines DealFinder
2010-03-11 12:38 . 2010-03-11 12:38 1111920 ----a-w- c:\windows\system32\bblincra.dll
2010-03-11 12:38 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-05-13 21:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 1980-01-01 07:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-03-03 21:40 . 2009-03-03 21:40 80 --sha-r- c:\windows\system32\ECA0E6C550.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2009-11-16 169184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

c:\documents and settings\Jody\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-5-10 447952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 22:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-09 01:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palm_HotSync_Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palm_HotSync_Manager.lnk
backup=c:\windows\pss\Palm_HotSync_Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jody^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Jody\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InputDirector]
2010-02-01 09:38 475136 ----a-w- c:\program files\Input Director\InputDirector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 23:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 10:30 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PalmTether]
2006-02-09 05:16 143360 ----a-w- c:\program files\PalmTether\TetherApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTIM.exe]
2010-02-08 23:54 271672 ----a-w- c:\program files\WebEx\Productivity Tools\ptim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTOneClick]
2010-02-08 23:53 247096 ----a-w- c:\program files\WebEx\Productivity Tools\ptoneclk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-03 16:39 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"<NO NAME>"=
"EZEJMNAP"=c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"ibmmessages"=c:\program files\IBM\Messages By IBM\\ibmmessages.exe
"Logitech Utility"=Logi_MwX.Exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
"SoundMAXPnP"=c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CollabNet Subversion Server\\httpd\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 3:33 AM 138780]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 2:21 PM 19496]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 4:13 AM 46779]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [4/9/2008 10:59 AM 16384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 4:46 PM 12856]
R3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [1/30/2006 11:42 AM 9728]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [5/10/2010 10:11 PM 9472]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [11/20/2009 11:43 AM 31616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 10:33 AM 135664]
S2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [2/1/2010 2:37 AM 36864]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [11/16/2009 4:46 PM 25824]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [1/21/2009 10:00 AM 15872]
S3 CKXEZ;CKXEZ;c:\docume~1\Jody\LOCALS~1\Temp\CKXEZ.exe --> c:\docume~1\Jody\LOCALS~1\Temp\CKXEZ.exe [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys --> c:\windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [5/14/2008 6:00 AM 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [5/14/2008 6:00 AM 51968]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 5:27 PM 124608]
S3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\DRIVERS\V0415Afx.sys --> c:\windows\system32\DRIVERS\V0415Afx.sys [?]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\DRIVERS\V0415Vid.sys --> c:\windows\system32\DRIVERS\V0415Vid.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VSMON
*Deregistered* - EraserUtilDrv11010

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:33]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:33]

2010-06-05 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 22:28]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.bleepingcomputer.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: AutorunsDisabled\copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: AutorunsDisabled\copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\Jody\Application Data\Mozilla\Firefox\Profiles\ivlamgwz.default\
FF - prefs.js: browser.startup.homepage - hxxp://tech.slashdot.org/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll

- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-06-04 17:56:53
ComboFix-quarantined-files.txt 2010-06-05 00:56

Pre-Run: 34,600,435,712 bytes free
Post-Run: 34,675,163,136 bytes free

- - End Of File - - 0C5527C9E7E99A080CEFA4D8586D8CC6

#5 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 05 June 2010 - 05:56 AM

Hi,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#6 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 05 June 2010 - 07:17 PM

TFC ran, and called for a reboot
MBAM: downloaded a fresh copy, updated, quick scan: no issues.
MBAM: full scan; no issues. (Log is from the full scan)
ESET: took 6+ hours to run, and found 1 file, which it deleted:
C:\WINDOWS\system32\bblincra.dll a variant of Win32/Delf.PFX trojan
No reboot was requested; but I did a reboot anyway.

Note: A google search for bblincra.dll produced no results; nor did golaxt.dll. I did save golaxt.dll as *.txt and can show you what it did/tries to do. ESET found bblincra.dll deleted to quarantine... but can't find it anywhere... no idea where it was quarantined...or just deleted. Then opened outlook, still stalled and wouldn't open...opens duplicates. Using task manager deleted both occurrences, started up ok. The crashing or "hang" of outlook was one of the symptoms that caused me to post this question. Standing by. dw

Your MBAM and ESET logs respectfully:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/5/2010 9:28:42 AM
mbam-log-2010-06-05 (09-28-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 254340
Time elapsed: 1 hour(s), 22 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Eset:
C:\WINDOWS\system32\bblincra.dll a variant of Win32/Delf.PFX trojan cleaned by deleting - quarantined

#7 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 06 June 2010 - 02:11 AM

Hi,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    c:\windows\system32\bblincra.dll /md5
    c:\windows\system32\wininet.dll /md5
    c:\windows\system32\ieencode.dll /md5
    c:\windows\system32\corpol.dll /md5



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#8 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 06 June 2010 - 08:48 AM

Downloaded OTL, copy/pasted OTL.Txt and Extras.Txt. Your effort and investment into solving my problem is appreciated. My personal opinion is a root kit somewhere; so odd that "before" you started helping me, that all of my personal settings (outlook mail; outlook express; bells; sounds; background) were lost or not associated with my name; like I was a new user. Although all of the data was still there, not need to reload the applications (Outlook, palm desktop, etc...and more to discover, I suppose.) Again, thanks for your help. dw

OTL logfile created on: 6/6/2010 7:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Jody\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.50 Gb Total Space | 32.05 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T42-JFF
Current User Name: Jody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/06 07:18:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\OTL.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/02/07 23:27:22 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/02/01 02:38:24 | 000,139,264 | ---- | M] () -- C:\Program Files\Input Director\InputDirectorSessionHelper.exe
PRC - [2010/02/01 02:37:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Input Director\IDWinService.exe
PRC - [2009/11/16 16:46:46 | 001,447,136 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2009/09/22 12:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/06/12 08:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/10/24 14:29:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/10/02 09:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/09/30 15:37:28 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/09/29 09:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/07/03 14:17:56 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/06 16:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/05/14 14:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/24 12:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/03/04 08:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 08:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 15:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/04 01:05:00 | 000,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006/06/29 19:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/06/23 17:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 17:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 17:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 07:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 07:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 07:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/03/30 19:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2004/03/19 13:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/03/19 12:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2002/09/20 12:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/03/19 15:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 07:18:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/03/13 16:46:24 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (CKXEZ)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/01 02:37:54 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Input Director\IDWinService.exe -- (InputDirector)
SRV - [2009/11/16 16:46:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/23 14:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/12 08:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/10/16 18:35:28 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/09/29 09:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/07/24 16:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/14 14:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/03/04 08:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 15:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/06/29 19:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/23 17:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 17:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 17:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 07:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 07:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 07:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 10:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 19:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/11/02 15:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [System | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/03/19 13:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2002/09/20 12:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/06/03 13:40:14 | 000,161,296 | ---- | M] (Trend Micro Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/27 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/11 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100605.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100605.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/18 19:18:38 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/07/08 11:44:20 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/07/08 11:44:20 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/07/08 11:44:20 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/07/08 11:44:20 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/07/08 11:43:46 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/10/16 18:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/09/29 09:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/07/24 16:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 16:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/03 13:53:20 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/05/14 14:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 14:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 21:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/13 11:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/07 13:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/09/04 11:20:28 | 000,025,736 | R--- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/08/23 05:29:42 | 000,095,744 | R--- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/08/23 05:29:42 | 000,051,968 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/08/23 05:29:42 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/06/02 16:41:06 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/27 19:43:24 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/03/09 00:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/02/18 22:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/15 16:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/01 23:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/01 23:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/07/13 10:33:08 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2006/01/30 11:42:54 | 000,009,728 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\palmmdm.sys -- (palmmdm)
DRV - [2005/10/18 14:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 14:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 14:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/13 17:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 10:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 10:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/30 19:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 18:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 18:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/09/23 17:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/07/29 04:13:28 | 000,046,779 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/07/29 03:33:08 | 000,138,780 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2004/03/19 12:03:58 | 000,005,120 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2003/12/17 07:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 07:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/05/01 11:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 12:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/11/01 03:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000/05/31 20:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-228494952-3277817695-227144936-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-228494952-3277817695-227144936-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://tech.slashdot.org/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "192.168.172.2"
FF - prefs.js..network.proxy.ftp_port: 6588
FF - prefs.js..network.proxy.gopher: "192.168.172.2"
FF - prefs.js..network.proxy.gopher_port: 6588
FF - prefs.js..network.proxy.http: "192.168.172.2"
FF - prefs.js..network.proxy.http_port: 6588
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.172.2"
FF - prefs.js..network.proxy.socks_port: 6588
FF - prefs.js..network.proxy.ssl: "192.168.172.2"
FF - prefs.js..network.proxy.ssl_port: 6588

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 09:06:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 18:17:11 | 000,000,000 | ---D | M]

[2009/05/27 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Mozilla\Extensions
[2009/11/17 11:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Mozilla\Firefox\Profiles\ivlamgwz.default\extensions
[2009/06/23 22:44:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jody\Application Data\Mozilla\Firefox\Profiles\ivlamgwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/12 09:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/04 17:40:40 | 000,402,959 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/06/03 22:00:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\Jody\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://laoo.webex.com/client/upgradeserver...646/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\AutorunsDisabled\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\Jody\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jody\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/11 06:38:42 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/19 15:29:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 07:18:09 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\OTL.exe
[2010/06/05 09:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/05 07:41:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/05 07:37:58 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jody\Desktop\mbam-setup.exe
[2010/06/05 07:10:05 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\TFC.exe
[2010/06/04 17:56:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/04 17:42:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/04 17:42:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/04 17:42:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/04 17:42:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/04 17:42:30 | 000,000,000 | ---D | C] -- C:\ComboFixRenamed9371C
[2010/06/04 17:42:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/04 08:44:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/06/03 22:00:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/06/03 16:14:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jody\Recent
[2010/06/03 13:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jody\Desktop\log
[2010/06/03 13:13:20 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jody\Desktop\RootkitRevealerrenamed.exe
[2010/06/03 11:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/03 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/31 16:50:27 | 000,032,768 | ---- | C] (CLS) -- C:\WINDOWS\System32\CHI.EXE
[2010/05/31 16:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\PACKAGES
[2010/05/29 22:35:29 | 000,000,000 | ---D | C] -- C:\ComboFixrenamed31783C
[2010/05/29 20:24:08 | 000,000,000 | ---D | C] -- C:\ComboFixrenamed5641C
[2010/05/29 18:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/29 18:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/19 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/05/13 12:40:12 | 000,000,000 | ---D | C] -- C:\Ipod
[2010/05/13 09:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/05/10 22:11:43 | 000,009,472 | ---- | C] (June Fabrics Technology) -- C:\WINDOWS\System32\drivers\pnetmdm.sys
[2010/05/10 22:11:25 | 003,637,104 | ---- | C] (June Fabrics Technology Inc. ) -- C:\Documents and Settings\Jody\Desktop\PdaNetA241.exe
[2010/05/10 18:32:26 | 000,000,000 | ---D | C] -- C:\recover
[2010/05/10 18:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\File Scavenger 3.2
[2010/05/03 14:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Compaq
[2010/05/03 14:27:57 | 000,000,000 | ---D | C] -- C:\CPQSYSTEM
[2010/04/22 08:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\American Airlines DealFinder
[2010/04/22 00:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jody\Local Settings\Application Data\Deployment
[2010/04/14 12:16:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jody\My Documents\My Web Sites
[2010/04/08 14:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\PdaNet for Android
[2010/03/29 08:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jody\Local Settings\Application Data\IsolatedStorage
[2010/03/22 18:51:59 | 000,000,000 | ---D | C] -- C:\TurboTax
[2010/03/13 20:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jody\Local Settings\Application Data\Yahoo
[2010/03/13 19:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/03/11 15:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Input Director
[2008/04/09 11:20:56 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 90 Days ==========

[2010/06/06 07:18:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\OTL.exe
[2010/06/06 06:47:01 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/06/06 06:46:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 20:44:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 18:32:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 18:32:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 18:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/05 18:31:35 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 18:26:58 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Jody\ntuser.dat
[2010/06/05 18:26:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jody\ntuser.ini
[2010/06/05 09:13:11 | 000,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 07:48:28 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\Shortcut to Geekstogo instructions.lnk
[2010/06/05 07:39:31 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/05 07:37:58 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jody\Desktop\mbam-setup.exe
[2010/06/05 07:10:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jody\Desktop\TFC.exe
[2010/06/05 07:09:17 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Geekstogo instructions.doc
[2010/06/04 17:40:40 | 000,402,959 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/04 17:37:22 | 000,402,959 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100604-174040.backup
[2010/06/04 17:32:02 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Jody\Desktop\ComboFixRenamed.exe
[2010/06/04 12:37:56 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of John laoole to Alight Planning Dir Client Services.doc
[2010/06/04 08:44:21 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\Windows Media Player.lnk
[2010/06/03 21:27:28 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/03 21:27:25 | 000,420,888 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/03 20:48:17 | 000,071,776 | ---- | M] () -- C:\Documents and Settings\Jody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/03 20:45:08 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 17:57:41 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\Palm Desktop.lnk
[2010/06/03 16:22:26 | 001,612,794 | -H-- | M] () -- C:\Documents and Settings\Jody\Local Settings\Application Data\IconCache.db
[2010/06/03 13:55:40 | 047,017,984 | ---- | M] () -- C:\WINDOWS\System32\RBS
[2010/06/03 13:40:14 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/03 12:21:52 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\hijacksthis running processes.xls
[2010/06/03 11:51:15 | 000,000,632 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/02 16:36:15 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole to Yahoo as Sr. Manager, PMO.doc
[2010/06/02 16:36:15 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole to Realization Technologies as PM.doc
[2010/06/02 14:43:41 | 000,003,195 | ---- | M] () -- C:\WINDOWS\SA8.ini
[2010/06/02 14:43:41 | 000,000,421 | ---- | M] () -- C:\WINDOWS\SA4_WKSP.INI
[2010/06/01 19:51:06 | 000,031,894 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group job submission.pdf
[2010/06/01 19:49:14 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group Job Description, Senior Director, IT Business Services.doc
[2010/06/01 19:49:05 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group Senior Director cover letter of John laoole.doc
[2010/06/01 19:40:18 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\United Health Group Taleo answers saved.doc
[2010/06/01 19:05:02 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of John F laoole for United HealthGroup UHG.doc
[2010/05/31 19:54:57 | 000,001,758 | ---- | M] () -- C:\WINDOWS\Photoshop CS2.MIF
[2010/05/31 19:52:19 | 000,001,742 | ---- | M] () -- C:\WINDOWS\.MIF
[2010/05/29 19:59:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100604-173722.backup
[2010/05/28 10:29:56 | 004,847,478 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\bootanimationcylon final.zip
[2010/05/28 10:27:08 | 000,282,773 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\bootanimation.zip
[2010/05/27 12:14:31 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jonathan Protiviti Security Tools - Feb 08.xls
[2010/05/27 08:40:56 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 08:40:55 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 08:40:54 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 07:50:56 | 000,190,826 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Verizon Wireless Complaint to ILL Attorney General.pdf
[2010/05/26 10:40:54 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Christine Rossiter crossiter@yorksolutions.net.doc
[2010/05/26 10:39:12 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Technical Program Manager, via sapphire and sologig.com.doc
[2010/05/26 09:41:22 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Jeff Barrett@Sapphire.doc
[2010/05/26 09:41:22 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Alex ref Middle East Managed Services Project Director.doc
[2010/05/26 09:14:52 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Sapphire Resume in word with SS non-statement.doc
[2010/05/25 20:49:23 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for CouponsInc.doc
[2010/05/25 16:31:44 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Genentech resume of Jody laoole.doc
[2010/05/25 15:52:15 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover Letter from Jody laoole.doc
[2010/05/25 15:45:25 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Dinesh Kumar.doc
[2010/05/25 15:34:51 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Chris Pagan.doc
[2010/05/25 12:47:58 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Inquira open positions.doc
[2010/05/25 12:47:33 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\TOP EMPLOYERS.doc
[2010/05/25 10:28:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Cover InQuira Managed Services Delivery Manager to Scott Brown, VP.doc
[2010/05/25 10:04:50 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, for InQuira.doc
[2010/05/25 10:04:50 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Qualsys.doc
[2010/05/24 07:41:22 | 001,620,707 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Introduction to Computer Security The NIST handbook (290 pages).pdf
[2010/05/24 07:35:01 | 000,183,862 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\GAO Information Security Risk Assessment Practices.pdf
[2010/05/23 16:55:55 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover V2.doc
[2010/05/23 07:56:08 | 000,058,746 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Arizona sb1070s.pdf
[2010/05/21 14:07:41 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume as text Jody laoole for Genentech.doc
[2010/05/21 13:41:55 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover.doc
[2010/05/19 21:32:04 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, 2010-05-19 for eTrade.doc
[2010/05/19 10:44:05 | 024,791,908 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\b2b.zip
[2010/05/19 10:18:23 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\George P Johnson cover for director of professional services.doc
[2010/05/19 07:08:54 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Covad Project Manager referred by PMI Silicon Valley Chapter.doc
[2010/05/19 00:29:24 | 000,027,545 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Netapp Director IT Business Planning and Operations.pdf
[2010/05/19 00:13:12 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, for Netapp IT Business Planning and Operations.doc
[2010/05/19 00:13:12 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, Customer Support DICE 2010-05-15.doc
[2010/05/18 16:35:00 | 000,844,461 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\2002-09-29 fireplace.zip
[2010/05/18 13:06:00 | 000,454,446 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\Msg1274200341.wav
[2010/05/18 11:49:00 | 000,087,324 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\California Insurance Validation 2062034460_6505938224_75034212.tif
[2010/05/17 06:05:30 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Customer Support Leadership for FormSpring.Me.doc
[2010/05/14 11:19:12 | 000,025,252 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Nielsen Client Services Manager 2010-05-14.pdf
[2010/05/14 10:18:52 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Sr PMO Manager for Robin at Nielsen.doc
[2010/05/14 10:18:52 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Recurrent Energy Director Construction Project Management.doc
[2010/05/14 10:18:52 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, for Walgreens.doc
[2010/05/14 10:18:52 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole 2010-05-14 for Nielsen.doc
[2010/05/14 09:18:51 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Matt Wiel recommendation I was VP of sales when Jody joined the company.doc
[2010/05/13 15:26:22 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\Jody reset for Patti's box.cmd
[2010/05/13 10:56:18 | 000,030,549 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Nielsen Canidate information June 2009.pdf
[2010/05/13 10:50:56 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\jflaoole_resume_2009-6-23_Nielsen_Manager of Operations-090625.doc
[2010/05/11 11:57:00 | 000,001,388 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\TV_OUT.lnk
[2010/05/10 22:14:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/05/10 22:13:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/10 22:11:44 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Jody\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/05/10 22:11:30 | 003,637,104 | ---- | M] (June Fabrics Technology Inc. ) -- C:\Documents and Settings\Jody\Desktop\PdaNetA241.exe
[2010/05/10 20:32:52 | 002,079,423 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\mplayerc_20100214.zip
[2010/05/10 15:05:15 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole, Director Professional Services for KEMA.doc
[2010/05/10 14:58:32 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Six Reasons Why I love my Mother.doc
[2010/05/10 13:09:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Kaiser Permanente Cover 011530 Director Systems Technical Support.doc
[2010/05/10 13:00:01 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Kaiser Permanente 011530 Director Systems Technical Support.doc
[2010/05/10 12:47:21 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Technical Support Leadership at Kaiser.doc
[2010/05/10 11:59:20 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\HJ Cover letter.doc
[2010/05/10 10:26:18 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Riverbed Technical Support Leadership.doc
[2010/05/10 10:15:32 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Monster.doc
[2010/05/10 09:38:30 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Dice.doc
[2010/05/10 09:33:17 | 000,128,118 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Dice pdf of my input.pdf
[2010/05/10 09:28:44 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for HJ.doc
[2010/05/08 14:39:34 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for John Bingham ref.doc
[2010/05/06 13:54:27 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PMO Manager for Leyla.doc
[2010/05/06 13:54:27 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PMO Manager for Barbara Freet bfreet@humanresourceadvisors.doc
[2010/05/06 13:54:27 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PM for JobsNPositions@gmail.doc
[2010/05/06 13:54:27 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PM for harsh.gupta@pyramidci.doc
[2010/05/06 13:54:27 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole for DemanTec.doc
[2010/05/06 12:36:29 | 000,061,706 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Project Management requirements rtn to Leyla.TIF
[2010/05/06 11:31:39 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Intacct notes pre-interview.doc
[2010/05/06 08:42:33 | 000,229,433 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Intacct Questions_To_Ask_Your_Cloud_Vendor_WP.pdf
[2010/05/06 07:56:27 | 000,511,567 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Intacct Software ceo cfo outlook 2010.pdf
[2010/05/05 14:06:24 | 000,486,841 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\CSO_Path to CIO_CSO.pdf
[2010/05/05 09:08:23 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\laoole_John_Resume for Pete at Checkpoint.doc
[2010/05/04 17:37:58 | 000,202,975 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\ISACA Cloud Computing.pdf
[2010/05/04 17:04:06 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Jill, executive recruiter.doc
[2010/05/04 07:29:06 | 000,392,355 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-154915.backup
[2010/05/03 18:07:39 | 000,065,588 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\usbdeview.zip
[2010/05/03 18:06:22 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Intacct Job Description - Technical Account Manager (April 2010).doc
[2010/05/03 15:47:22 | 2522,203,136 | ---- | M] () -- C:\green_USB
[2010/04/30 09:52:12 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Resume for Cody Crnkovich, GoodData.doc
[2010/04/30 08:58:18 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole forShalesh, Oak Brook Director - Infrastructure Engineering.doc
[2010/04/30 08:58:18 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Marlin ref.doc
[2010/04/30 07:58:06 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\x4.OC6.Gen105.2010-01-25.OC6.iaf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 14:48:29 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\AFNI description, via Emily, Manager Information Security and Privacy.doc
[2010/04/28 23:31:33 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\CCleaner.lnk
[2010/04/28 23:23:31 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole for TAM at Intaact.doc
[2010/04/28 17:05:37 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Final laoo Manual Expense report 2010.xls
[2010/04/28 17:04:31 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Tenereos Final Expenses.xls
[2010/04/28 16:23:00 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Final Manual Expense report 2009.xls
[2010/04/28 15:13:02 | 000,000,068 | ---- | M] () -- C:\WINDOWS\E
[2010/04/28 09:28:29 | 000,056,018 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Foothill College careernet.pdf
[2010/04/28 09:08:16 | 029,219,840 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\SalesForce Service Cloud 1st Call Deck.ppt
[2010/04/28 08:57:26 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\CollabNet thought, not shared.doc
[2010/04/28 02:19:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\CollabNet.xls
[2010/04/27 11:08:22 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole thoughts.doc
[2010/04/26 23:08:11 | 003,404,519 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\EdiEZeBR6424NL_1.56.zip
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 20:17:25 | 000,216,035 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Viagra FDA warning.pdf
[2010/04/23 20:16:00 | 000,137,089 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Viagra FDA analysis.pdf
[2010/04/23 19:08:36 | 000,240,335 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Viagra Entire Monograph 1 of 2.pdf
[2010/04/23 14:45:10 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody_laoole_Collabnet Updated titles.doc
[2010/04/22 21:58:01 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Amy Malecke to Microsoft.doc
[2010/04/22 10:42:36 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/22 00:00:16 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Matt Davis, Director-VP.doc
[2010/04/22 00:00:16 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Karl McCoy Director-VP.doc
[2010/04/21 14:47:13 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume for Donna K PS PM 2010-04-21.doc
[2010/04/20 22:48:35 | 000,595,931 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\hires34738675_7.zip
[2010/04/20 16:33:12 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole 2010-04-20 PCI for John Motley.doc
[2010/04/19 12:58:16 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\JFF 2010-04-19 HJ.doc
[2010/04/15 03:04:40 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/04/14 12:08:17 | 000,000,510 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/14 02:36:05 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole for Kris and GoodData.doc
[2010/04/12 23:59:05 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole Customer Support for Davis Instruments.doc
[2010/04/12 22:28:54 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole 2010 04 12.doc
[2010/04/12 21:35:42 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume as Technical Project Manager.doc
[2010/04/12 21:35:42 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume as PM for Hanson 491G.doc
[2010/04/12 21:23:22 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Hanson Professional Services PM.doc
[2010/04/08 12:44:42 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\cover merge.xls
[2010/04/08 12:38:44 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Cover merge w excel.doc
[2010/04/08 12:16:46 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Cyber Coders questions answered..doc
[2010/04/07 17:44:02 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole, for on24.doc
[2010/04/07 17:44:02 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole 2010 04 07.doc
[2010/04/07 17:42:48 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for on24.doc
[2010/04/07 16:06:39 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jlaoole for Karl McCoy.doc
[2010/04/07 16:06:39 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, for Sapient Director, Program Management.doc
[2010/04/07 16:06:39 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole, for Logitech, Program Management.doc
[2010/04/07 12:31:06 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Sapient PMO Director.doc
[2010/04/06 19:24:03 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, for Josh Thomas.doc
[2010/04/06 19:23:50 | 000,357,376 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\CollabNet self briefing.doc
[2010/04/06 13:54:53 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Career Builder.doc
[2010/04/06 13:41:22 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Career Builder 20100406.doc
[2010/04/06 13:14:47 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Project Expert for William Gregory.doc
[2010/04/06 08:40:13 | 000,220,357 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Gartner MarketScope for Application Life Cycle Management.pdf
[2010/04/06 08:32:50 | 000,676,977 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Gartner Magic Quadrant for Integrated Software Quality Suites ALM.pdf
[2010/04/05 23:57:43 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Project Engineer for Glen Keenan.doc
[2010/04/05 23:29:37 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Tate & Lyle (by Tim Luallen) Decatur, IL TL - Manager Information Security.doc
[2010/04/05 21:31:10 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Information Security Tate & Lyle.doc
[2010/04/03 17:58:54 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Job description Director of Customer Service, Solution Partners.doc
[2010/04/03 00:06:09 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Levi Strauss.doc
[2010/04/03 00:05:15 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Levi Strauss.doc
[2010/04/02 23:20:23 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Bare Escentuals Sr Dir IT Ops.doc
[2010/04/02 23:13:56 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Customer Support generic HJ cover letter.doc
[2010/04/02 22:40:48 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Customer Support cover letter.doc
[2010/04/02 21:42:09 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Illinois Institute of Technology Cover letter.doc
[2010/04/02 21:30:02 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT for Ill Inst of Tech 20100401.doc
[2010/04/02 12:26:49 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, PS VMware 20100401.doc
[2010/04/02 12:23:46 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\VMware cover letter.doc
[2010/04/02 11:47:11 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, to Sunil Samani 20100401.doc
[2010/04/02 11:47:11 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, to Eric 20100401.doc
[2010/04/01 12:21:52 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Information Security pro-techsearch 20100401.doc
[2010/03/31 23:29:26 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Litepoint Skills and Capabilities.doc
[2010/03/31 19:16:08 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Infineon 20100330.doc
[2010/03/31 18:32:28 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Infineon cover letter.doc
[2010/03/31 15:23:19 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Perficient 20100330.doc
[2010/03/31 09:29:54 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume laooleJ_Walmart_20100331.doc
[2010/03/31 09:23:40 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Walmart cover letter.doc
[2010/03/30 20:49:29 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\PG&E Cover.doc
[2010/03/30 16:58:20 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director PGE 20100330.doc
[2010/03/30 15:04:41 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Monster 20100330.doc
[2010/03/30 14:55:04 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Dice 20100330.doc
[2010/03/30 14:30:28 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director HJ 20100330.doc
[2010/03/30 13:48:35 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director HJ 20100330 upload only.doc
[2010/03/29 23:07:58 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_CS_ 20100329.doc
[2010/03/29 17:33:14 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Soccer California Assignors.xls
[2010/03/29 15:04:38 | 000,027,518 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Abbie student tax deduction.docx
[2010/03/29 13:53:32 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/29 10:18:18 | 000,382,708 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Abbies w2 2009 20100309081657009.pdf
[2010/03/26 18:45:58 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_PM_20100326 Not Yet Used, updated PM w budget, PnL.doc
[2010/03/26 17:50:22 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_Risk-PCI_20100326.doc
[2010/03/26 14:04:03 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_PM_20100326.doc
[2010/03/25 10:37:58 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody_laoole_20100325.doc
[2010/03/25 10:35:15 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Resume of Director Jody_laoole_2010-03-24.doc
[2010/03/25 09:03:25 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Monico Mallari MGM Resume 031910.doc
[2010/03/24 08:19:00 | 013,234,855 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\03 Lassoo (Original Mix).m4a
[2010/03/23 16:02:40 | 072,588,804 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\(ISC)² Safe and Secure Online volunteer archive2.zip
[2010/03/22 18:55:38 | 004,658,249 | ---- | M] () -- C:\TurboTax-JB.zip.jff
[2010/03/22 18:44:00 | 012,632,408 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\TurboTax.zip
[2010/03/22 17:34:15 | 000,052,628 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\IDES Claim Summary 3-19-2010.pdf
[2010/03/22 16:00:00 | 000,025,164 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Illinois State Police, no records for John laoole 11-23-2009.tif
[2010/03/22 08:57:08 | 000,379,997 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100504-072906.backup
[2010/03/11 15:58:21 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Input Director.lnk
[2010/03/11 15:57:40 | 002,458,177 | ---- | M] () -- C:\Documents and Settings\Jody\Desktop\InputDirector.v1.2.2.zip
[2010/03/11 15:12:23 | 000,000,067 | ---- | M] () -- C:\WINDOWS\synergy.sgc
[2010/03/08 19:40:19 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Jody\My Documents\Soccer california ussf.xls

========== Files Created - No Company Name ==========

[2010/06/05 18:43:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/06/05 07:48:27 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\Shortcut to Geekstogo instructions.lnk
[2010/06/05 07:09:16 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Geekstogo instructions.doc
[2010/06/04 17:42:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 17:42:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 17:42:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 17:42:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 17:42:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/04 17:32:02 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Jody\Desktop\ComboFixRenamed.exe
[2010/06/04 11:34:15 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of John laoole to Alight Planning Dir Client Services.doc
[2010/06/04 08:44:21 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\Windows Media Player.lnk
[2010/06/03 20:45:07 | 2146,422,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/03 17:57:41 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\Palm Desktop.lnk
[2010/06/03 13:53:57 | 047,017,984 | ---- | C] () -- C:\WINDOWS\System32\RBS
[2010/06/03 12:21:52 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\hijacksthis running processes.xls
[2010/06/02 16:36:15 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole to Yahoo as Sr. Manager, PMO.doc
[2010/06/02 16:36:15 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole to Realization Technologies as PM.doc
[2010/06/01 19:51:06 | 000,031,894 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group job submission.pdf
[2010/06/01 19:49:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group Senior Director cover letter of John laoole.doc
[2010/06/01 19:40:18 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\United Health Group Taleo answers saved.doc
[2010/06/01 17:45:23 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of John F laoole for United HealthGroup UHG.doc
[2010/06/01 17:39:59 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\UnitedHealth Group Job Description, Senior Director, IT Business Services.doc
[2010/05/31 16:53:32 | 000,001,758 | ---- | C] () -- C:\WINDOWS\Photoshop CS2.MIF
[2010/05/31 16:50:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2010/05/31 16:50:27 | 000,001,742 | ---- | C] () -- C:\WINDOWS\.MIF
[2010/05/28 10:29:54 | 004,847,478 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\bootanimationcylon final.zip
[2010/05/28 10:27:04 | 000,282,773 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\bootanimation.zip
[2010/05/27 12:10:00 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jonathan Protiviti Security Tools - Feb 08.xls
[2010/05/27 07:50:56 | 000,190,826 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Verizon Wireless Complaint to ILL Attorney General.pdf
[2010/05/26 10:39:32 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Christine Rossiter crossiter@yorksolutions.net.doc
[2010/05/26 10:20:44 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Alex ref Middle East Managed Services Project Director.doc
[2010/05/26 09:40:20 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Jeff Barrett@Sapphire.doc
[2010/05/26 09:14:51 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Sapphire Resume in word with SS non-statement.doc
[2010/05/26 07:19:12 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Technical Program Manager, via sapphire and sologig.com.doc
[2010/05/25 21:23:10 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Qualsys.doc
[2010/05/25 20:48:15 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for CouponsInc.doc
[2010/05/25 16:28:51 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Genentech resume of Jody laoole.doc
[2010/05/25 15:52:15 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover Letter from Jody laoole.doc
[2010/05/25 15:44:29 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Dinesh Kumar.doc
[2010/05/25 15:32:55 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole for Chris Pagan.doc
[2010/05/25 12:47:58 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Inquira open positions.doc
[2010/05/25 12:47:32 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\TOP EMPLOYERS.doc
[2010/05/25 09:58:18 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, for InQuira.doc
[2010/05/25 07:37:09 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Cover InQuira Managed Services Delivery Manager to Scott Brown, VP.doc
[2010/05/24 07:41:22 | 001,620,707 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Introduction to Computer Security The NIST handbook (290 pages).pdf
[2010/05/24 07:35:01 | 000,183,862 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\GAO Information Security Risk Assessment Practices.pdf
[2010/05/23 15:20:31 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover V2.doc
[2010/05/23 07:56:08 | 000,058,746 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Arizona sb1070s.pdf
[2010/05/21 14:07:41 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume as text Jody laoole for Genentech.doc
[2010/05/21 11:53:28 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Genentech Cover.doc
[2010/05/19 23:14:15 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, for Walgreens.doc
[2010/05/19 21:32:03 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, 2010-05-19 for eTrade.doc
[2010/05/19 10:43:58 | 024,791,908 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\b2b.zip
[2010/05/19 10:18:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\George P Johnson cover for director of professional services.doc
[2010/05/19 07:08:53 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Covad Project Manager referred by PMI Silicon Valley Chapter.doc
[2010/05/19 00:29:24 | 000,027,545 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Netapp Director IT Business Planning and Operations.pdf
[2010/05/19 00:28:00 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, for Netapp IT Business Planning and Operations.doc
[2010/05/18 23:29:51 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole, Customer Support DICE 2010-05-15.doc
[2010/05/18 16:35:00 | 000,844,461 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\2002-09-29 fireplace.zip
[2010/05/18 13:06:00 | 000,454,446 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\Msg1274200341.wav
[2010/05/18 11:49:00 | 000,087,324 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\California Insurance Validation 2062034460_6505938224_75034212.tif
[2010/05/17 05:53:11 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Customer Support Leadership for FormSpring.Me.doc
[2010/05/17 05:37:58 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Recurrent Energy Director Construction Project Management.doc
[2010/05/14 11:19:12 | 000,025,252 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Nielsen Client Services Manager 2010-05-14.pdf
[2010/05/14 10:47:29 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole 2010-05-14 for Nielsen.doc
[2010/05/14 10:16:54 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jody laoole, Sr PMO Manager for Robin at Nielsen.doc
[2010/05/13 15:24:11 | 000,000,333 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\Jody reset for Patti's box.cmd
[2010/05/13 10:56:18 | 000,030,549 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Nielsen Canidate information June 2009.pdf
[2010/05/13 06:35:01 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Matt Wiel recommendation I was VP of sales when Jody joined the company.doc
[2010/05/12 13:48:51 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PM for JobsNPositions@gmail.doc
[2010/05/12 13:47:28 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PM for harsh.gupta@pyramidci.doc
[2010/05/12 06:38:28 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PMO Manager for Barbara Freet bfreet@humanresourceadvisors.doc
[2010/05/10 22:14:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2010/05/10 22:13:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/10 22:11:44 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Jody\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/05/10 20:32:46 | 002,079,423 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\mplayerc_20100214.zip
[2010/05/10 15:05:14 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole, Director Professional Services for KEMA.doc
[2010/05/10 14:58:32 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Six Reasons Why I love my Mother.doc
[2010/05/10 13:26:26 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole for DemanTec.doc
[2010/05/10 13:09:55 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Kaiser Permanente Cover 011530 Director Systems Technical Support.doc
[2010/05/10 12:18:44 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Technical Support Leadership at Kaiser.doc
[2010/05/10 12:00:42 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Kaiser Permanente 011530 Director Systems Technical Support.doc
[2010/05/10 11:59:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\HJ Cover letter.doc
[2010/05/10 10:25:11 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Riverbed Technical Support Leadership.doc
[2010/05/10 10:14:24 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Monster.doc
[2010/05/10 09:37:11 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Dice.doc
[2010/05/10 09:33:17 | 000,128,118 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Dice pdf of my input.pdf
[2010/05/10 09:22:19 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for HJ.doc
[2010/05/07 09:49:46 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for John Bingham ref.doc
[2010/05/06 12:58:31 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Sr PMO Manager for Leyla.doc
[2010/05/06 12:36:29 | 000,061,706 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Project Management requirements rtn to Leyla.TIF
[2010/05/06 08:57:50 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Intacct notes pre-interview.doc
[2010/05/06 08:42:33 | 000,229,433 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Intacct Questions_To_Ask_Your_Cloud_Vendor_WP.pdf
[2010/05/06 07:56:27 | 000,511,567 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Intacct Software ceo cfo outlook 2010.pdf
[2010/05/05 14:06:24 | 000,486,841 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\CSO_Path to CIO_CSO.pdf
[2010/05/05 09:08:22 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\laoole_John_Resume for Pete at Checkpoint.doc
[2010/05/04 17:37:58 | 000,202,975 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\ISACA Cloud Computing.pdf
[2010/05/04 17:03:14 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Jill, executive recruiter.doc
[2010/05/03 18:07:35 | 000,065,588 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\usbdeview.zip
[2010/05/03 18:04:45 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Intacct Job Description - Technical Account Manager (April 2010).doc
[2010/05/03 14:42:12 | 2522,203,136 | ---- | C] () -- C:\green_USB
[2010/04/30 09:52:02 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole Resume for Cody Crnkovich, GoodData.doc
[2010/04/30 09:02:16 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole forShalesh, Oak Brook Director - Infrastructure Engineering.doc
[2010/04/30 08:58:17 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Marlin ref.doc
[2010/04/30 07:58:06 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\x4.OC6.Gen105.2010-01-25.OC6.iaf
[2010/04/29 14:48:28 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\AFNI description, via Emily, Manager Information Security and Privacy.doc
[2010/04/28 23:20:04 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole for TAM at Intaact.doc
[2010/04/28 16:39:18 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Final laoo Manual Expense report 2010.xls
[2010/04/28 16:23:00 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Final Manual Expense report 2009.xls
[2010/04/28 09:28:29 | 000,056,018 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Foothill College careernet.pdf
[2010/04/28 09:04:50 | 029,219,840 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\SalesForce Service Cloud 1st Call Deck.ppt
[2010/04/28 08:57:26 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\CollabNet thought, not shared.doc
[2010/04/28 02:19:03 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\CollabNet.xls
[2010/04/27 11:08:22 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jody laoole thoughts.doc
[2010/04/26 23:08:09 | 003,404,519 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\EdiEZeBR6424NL_1.56.zip
[2010/04/26 16:00:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Tenereos Final Expenses.xls
[2010/04/23 20:17:25 | 000,216,035 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Viagra FDA warning.pdf
[2010/04/23 20:16:00 | 000,137,089 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Viagra FDA analysis.pdf
[2010/04/23 19:08:36 | 000,240,335 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Viagra Entire Monograph 1 of 2.pdf
[2010/04/23 10:12:51 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody_laoole_Collabnet Updated titles.doc
[2010/04/22 14:47:40 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Amy Malecke to Microsoft.doc
[2010/04/22 14:42:20 | 000,004,504 | ---- | C] () -- C:\Documents and Settings\Jody\Microsoft Support Engineer Manager.txt
[2010/04/22 10:42:36 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/22 09:58:58 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Matt Davis, Director-VP.doc
[2010/04/22 00:00:16 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole for Karl McCoy Director-VP.doc
[2010/04/21 14:46:19 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume for Donna K PS PM 2010-04-21.doc
[2010/04/20 22:48:31 | 000,595,931 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\hires34738675_7.zip
[2010/04/20 12:14:25 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFlaoole 2010-04-20 PCI for John Motley.doc
[2010/04/19 12:49:40 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\JFF 2010-04-19 HJ.doc
[2010/04/12 23:58:31 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole Customer Support for Davis Instruments.doc
[2010/04/12 23:39:52 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume as Technical Project Manager.doc
[2010/04/12 22:24:56 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole 2010 04 12.doc
[2010/04/12 22:24:56 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody laoole for Kris and GoodData.doc
[2010/04/12 21:21:05 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Hanson Professional Services PM.doc
[2010/04/12 20:13:01 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Resume as PM for Hanson 491G.doc
[2010/04/12 10:54:50 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Jlaoole for Karl McCoy.doc
[2010/04/08 12:44:39 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\cover merge.xls
[2010/04/08 10:36:38 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Cover merge w excel.doc
[2010/04/07 23:03:43 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole, for Logitech, Program Management.doc
[2010/04/07 17:42:29 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for on24.doc
[2010/04/07 17:39:59 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole, for on24.doc
[2010/04/07 17:39:59 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John laoole 2010 04 07.doc
[2010/04/07 12:15:42 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Sapient PMO Director.doc
[2010/04/07 12:04:35 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, for Sapient Director, Program Management.doc
[2010/04/07 10:39:20 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Cyber Coders questions answered..doc
[2010/04/06 14:45:53 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, for Josh Thomas.doc
[2010/04/06 13:54:53 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Career Builder.doc
[2010/04/06 13:10:59 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Career Builder 20100406.doc
[2010/04/06 09:23:14 | 000,357,376 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\CollabNet self briefing.doc
[2010/04/06 08:40:13 | 000,220,357 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Gartner MarketScope for Application Life Cycle Management.pdf
[2010/04/06 08:32:47 | 000,676,977 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Gartner Magic Quadrant for Integrated Software Quality Suites ALM.pdf
[2010/04/05 23:54:51 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Project Expert for William Gregory.doc
[2010/04/05 23:54:51 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Project Engineer for Glen Keenan.doc
[2010/04/05 21:23:07 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Information Security Tate & Lyle.doc
[2010/04/05 21:14:47 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Tate & Lyle (by Tim Luallen) Decatur, IL TL - Manager Information Security.doc
[2010/04/03 17:58:54 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Job description Director of Customer Service, Solution Partners.doc
[2010/04/03 00:06:09 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Jlaoole Cover for Levi Strauss.doc
[2010/04/03 00:05:15 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Levi Strauss.doc
[2010/04/02 23:16:42 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Bare Escentuals Sr Dir IT Ops.doc
[2010/04/02 23:13:56 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Customer Support generic HJ cover letter.doc
[2010/04/02 22:40:47 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Customer Support cover letter.doc
[2010/04/02 21:39:20 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Illinois Institute of Technology Cover letter.doc
[2010/04/02 21:28:24 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT for Ill Inst of Tech 20100401.doc
[2010/04/02 11:58:05 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, to Sunil Samani 20100401.doc
[2010/04/02 11:47:31 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, to Eric 20100401.doc
[2010/04/02 10:46:45 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\VMware cover letter.doc
[2010/04/01 21:32:27 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, IT, PMO, PS VMware 20100401.doc
[2010/04/01 08:28:53 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Information Security pro-techsearch 20100401.doc
[2010/03/31 23:29:26 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Litepoint Skills and Capabilities.doc
[2010/03/31 19:14:01 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Infineon 20100330.doc
[2010/03/31 17:26:06 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Infineon cover letter.doc
[2010/03/31 15:13:27 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Perficient 20100330.doc
[2010/03/31 09:29:33 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume laooleJ_Walmart_20100331.doc
[2010/03/31 09:22:48 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Walmart cover letter.doc
[2010/03/30 20:49:29 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\PG&E Cover.doc
[2010/03/30 16:43:45 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director PGE 20100330.doc
[2010/03/30 15:04:22 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Monster 20100330.doc
[2010/03/30 14:31:38 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director Dice 20100330.doc
[2010/03/30 13:46:43 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director HJ 20100330 upload only.doc
[2010/03/30 13:16:32 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jlaoole, Director HJ 20100330.doc
[2010/03/29 23:05:51 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_CS_ 20100329.doc
[2010/03/29 17:33:12 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Soccer California Assignors.xls
[2010/03/29 15:04:38 | 000,027,518 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Abbie student tax deduction.docx
[2010/03/29 10:18:18 | 000,382,708 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Abbies w2 2009 20100309081657009.pdf
[2010/03/29 08:40:46 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/26 18:45:57 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_PM_20100326 Not Yet Used, updated PM w budget, PnL.doc
[2010/03/26 16:22:22 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_Risk-PCI_20100326.doc
[2010/03/26 13:37:20 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume John_laoole_PM_20100326.doc
[2010/03/25 10:37:15 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume Jody_laoole_20100325.doc
[2010/03/25 09:03:25 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Monico Mallari MGM Resume 031910.doc
[2010/03/24 12:39:25 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Resume of Director Jody_laoole_2010-03-24.doc
[2010/03/24 08:19:00 | 013,234,855 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\03 Lassoo (Original Mix).m4a
[2010/03/23 16:02:38 | 072,588,804 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\(ISC)ē Safe and Secure Online volunteer archive2.zip
[2010/03/22 18:55:37 | 004,658,249 | ---- | C] () -- C:\TurboTax-JB.zip.jff
[2010/03/22 18:44:00 | 012,632,408 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\TurboTax.zip
[2010/03/22 17:34:15 | 000,052,628 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\IDES Claim Summary 3-19-2010.pdf
[2010/03/22 16:00:00 | 000,025,164 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Illinois State Police, no records for John laoole 11-23-2009.tif
[2010/03/11 15:58:21 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Input Director.lnk
[2010/03/11 15:57:18 | 002,458,177 | ---- | C] () -- C:\Documents and Settings\Jody\Desktop\InputDirector.v1.2.2.zip
[2010/03/08 19:40:17 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Jody\My Documents\Soccer california ussf.xls
[2010/01/07 02:07:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/12/21 01:46:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/20 11:43:45 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/11/20 11:35:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 12:13:09 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/17 18:44:51 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/17 18:44:46 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/17 18:44:46 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/17 18:44:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/17 18:44:43 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/17 18:44:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/03 14:40:00 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\ECA0E6C550.dll
[2009/02/01 01:25:06 | 000,000,880 | ---- | C] () -- C:\WINDOWS\FAUVE.INI
[2009/02/01 00:29:32 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009/01/21 10:00:36 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\bfturboh.sys
[2009/01/21 09:55:14 | 000,006,618 | ---- | C] () -- C:\WINDOWS\UN070410.INI
[2008/11/02 09:15:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/02 09:15:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2008/05/14 05:27:55 | 000,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/05/05 06:42:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/04/27 12:50:26 | 000,003,195 | ---- | C] () -- C:\WINDOWS\SA8.ini
[2008/04/27 12:50:26 | 000,000,421 | ---- | C] () -- C:\WINDOWS\SA4_WKSP.INI
[2008/04/27 12:50:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SA4_DRAW.INI
[2008/04/27 12:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DeLGPS.ini
[2008/04/27 09:08:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/04/19 20:29:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/04/17 12:01:14 | 000,000,240 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/04/13 14:23:16 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/09 13:44:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008/04/09 13:44:09 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/04/09 13:43:40 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2008/04/09 12:26:22 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/09 11:20:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/04/09 11:00:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/09 10:58:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2008/04/09 10:58:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2008/04/09 10:58:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/08/09 10:08:04 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/11 03:06:32 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2005/07/05 21:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/01/07 12:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/03/19 12:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/01/09 06:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/08/06 15:23:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/02/20 09:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2009/02/17 12:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/08/10 08:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/01/14 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/08/28 03:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/28 12:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/01/27 11:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/04/26 19:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/05/14 08:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2008/05/17 11:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inbit
[2009/03/22 10:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/01 06:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/12/21 01:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\motorola
[2008/10/12 20:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/04/27 17:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/31 01:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2009/12/10 07:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/17 11:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/17 18:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/04/26 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\4Team
[2008/05/14 05:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\AT&T
[2008/10/25 11:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Avaya
[2010/06/03 07:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Azureus
[2008/05/14 05:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Bytemobile
[2009/12/13 21:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\CompanionLink
[2009/01/12 14:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Copernic
[2008/05/14 05:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\DBUpdater
[2009/08/19 09:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\DVDFab
[2009/01/27 11:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\FileOpen
[2008/04/26 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\HotSync
[2008/06/09 15:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\IBM
[2008/08/26 17:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\ICAClient
[2009/08/22 08:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\IObit
[2008/04/26 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\IsolatedStorage
[2008/04/26 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Leadertech
[2009/04/02 17:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Memeo
[2009/12/21 01:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\motorola
[2008/10/28 22:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\OfficeUpdate12
[2008/10/29 20:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Opera
[2009/12/04 22:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Productivity Tools
[2008/05/14 05:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Sierra Wireless
[2008/12/01 20:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Skinux
[2008/04/26 19:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Smith Micro
[2009/01/01 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Snapfish
[2008/05/05 17:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Subversion
[2009/02/23 09:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Viewpoint
[2010/05/19 14:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Vso
[2009/12/04 22:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\Webex
[2009/07/14 11:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jody\Application Data\WinPatrol
[2008/10/12 21:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Avaya
[2008/05/14 05:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/22 10:23:39 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/09/22 09:51:00 | 002,035,106 | ---- | M] () -- C:\100_3975 Brooke and her tree.JPG
[2010/02/12 00:35:18 | 000,001,600 | ---- | M] () -- C:\additdiag.txt
[2008/04/11 06:38:42 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2009/02/02 07:03:20 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2009/09/29 12:09:12 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2008/04/09 13:47:18 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2008/04/09 11:01:22 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2003/02/20 08:54:04 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008/04/09 10:59:38 | 000,000,355 | ---- | M] () -- C:\ccrrec.ver
[2004/08/03 21:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/04 17:56:53 | 000,020,051 | ---- | M] () -- C:\ComboFix.txt
[2008/04/11 06:38:42 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2008/04/09 13:51:16 | 000,000,928 | ---- | M] () -- C:\drivez.log
[2010/05/03 15:47:22 | 2522,203,136 | ---- | M] () -- C:\green_USB
[2010/06/05 18:31:35 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/13 10:21:07 | 000,000,024 | ---- | M] () -- C:\inf.txt
[2008/04/11 06:38:42 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/11/01 15:39:47 | 000,017,613 | ---- | M] () -- C:\log.txt
[2009/07/17 08:29:32 | 160,432,128 | ---- | M] () -- C:\LogFile.Etl
[2008/04/09 13:49:44 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
[2010/06/03 13:02:05 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/12/18 02:22:59 | 028,984,964 | ---- | M] () -- C:\Michniewicz 4 generations of women.PDD
[2008/04/13 10:57:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/06/10 17:14:31 | 000,000,033 | ---- | M] () -- C:\nofile.txt
[2008/04/09 13:29:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/12 21:07:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/05 18:31:33 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/08/19 15:31:38 | 000,009,216 | ---- | M] () -- C:\palm.grf
[2009/09/24 12:19:00 | 000,035,280 | ---- | M] () -- C:\RootRepeal report 09-24-09 (14-19-00).txt
[2009/09/27 13:45:28 | 000,006,626 | ---- | M] () -- C:\RootRepeal report 09-27-09 (15-45-28).txt
[2009/09/28 15:01:37 | 000,040,044 | ---- | M] () -- C:\RootRepeal report 09-28-09 (17-01-37).txt
[2009/09/30 05:38:07 | 000,040,650 | ---- | M] () -- C:\RootRepeal report 09-30-09 (07-38-07).txt
[2009/10/02 16:14:48 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 10-02-09 (18-14-48).txt
[2009/11/01 18:54:36 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 11-01-09 (19-54-36).txt
[2010/05/27 08:31:00 | 000,000,086 | ---- | M] () -- C:\Setup.log
[2010/05/27 08:24:06 | 000,000,159 | ---- | M] () -- C:\SetupLCVI.log
[2010/05/27 08:45:10 | 000,000,159 | ---- | M] () -- C:\SetupLCVU.log
[2008/04/09 12:26:22 | 000,001,543 | ---- | M] () -- C:\SYSLEVEL.IBM
[2008/04/09 12:25:18 | 000,000,043 | ---- | M] () -- C:\TCPACHIP.LOG
[2010/03/22 18:55:38 | 004,658,249 | ---- | M] () -- C:\TurboTax-JB.zip.jff
[2009/05/12 19:49:45 | 000,000,267 | ---- | M] () -- C:\WirelessDiagLog.csv
[2009/07/17 08:29:44 | 000,282,224 | ---- | M] () -- C:\xpbootlog.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 05:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 05:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/02/20 09:02:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/02/20 09:02:10 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/02/20 09:02:10 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< c:\windows\system32\bblincra.dll /md5 >

< c:\windows\system32\wininet.dll /md5 >
[2010/03/11 05:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=B6AB2EB1DA4BB29079B84AC842520670 -- C:\WINDOWS\system32\wininet.dll

< c:\windows\system32\ieencode.dll /md5 >
[2010/03/11 05:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=95E4DB9C68BA89C8A0C5184685F19EDA -- C:\WINDOWS\system32\ieencode.dll

< c:\windows\system32\corpol.dll /md5 >
[2010/03/11 05:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=884C8D2591E5CC3C3CAC2B35029D7E7D -- C:\WINDOWS\system32\corpol.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\mswebdvd.dll:SummaryInformation
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7917A38
< End of report >

OTL Extras logfile created on: 6/6/2010 7:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Jody\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.50 Gb Total Space | 32.05 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T42-JFF
Current User Name: Jody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- ()
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\CollabNet Subversion Server\httpd\bin\Apache.exe" = C:\Program Files\CollabNet Subversion Server\httpd\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- ()
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00584BEA-3795-409A-A2A9-66CDE1103A0A}" = WebEx Productivity Tools
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{473E9B0A-C70A-4891-A74F-72D6877A5FAC}" = CompanionLink for Google
"{47F294A8-AAA7-43F3-B494-77FE7A7B404C}" = DVR Controls 2.0
"{50EE3E64-FE60-4803-BCDC-A8CD6830D185}" = Documents To Go
"{52242A19-B603-4A86-9101-8B6E0442C16C}" = Palm
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5D30FCC4-F7C9-488E-90D2-5A6C132039FD}" = SnagIt 6
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}" = Memeo Backup
"{833CF9E6-42DD-46EB-BC96-50A88FFC7A61}" = Foxit PDF Preview Handler for XP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C84C6E-2A24-478F-B421-5B69B3919DE8}" = VZAccess Manager
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C66BE4C2-E583-473D-8719-AE05CD7EDEE2}" = PalmTether
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}" = Palm
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FB394215-5A77-46B7-A035-12BBFAA4D665}" = Adobe Acrobat Connect Pro Add-in for Microsoft Outlook
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"32fsu32_is1" = File Scavenger 3.2 (English)
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Acrobat Connect Pro Add-in for Microsoft Outlook_is1" = Adobe Acrobat Connect Pro Add-in for Microsoft Outlook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"AutoHotkey" = AutoHotkey 1.0.48.05
"CCleaner" = CCleaner
"CodInstl" = Intel A/V Codecs V2.0
"Copernic Agent Basic" = Copernic Agent Basic
"Countdown Clock Demo 3.3" = Countdown Clock Demo 3.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Google Calendar Sync" = Google Calendar Sync
"HijackThis" = HijackThis 2.0.2
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"hp officejet v series 1209995096" = hp officejet v series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Input Director" = Input Director v1.2.2
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSwitcher for Windows" = NetSwitcher for Windows
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PC-Doctor for Windows" = Lenovo System Toolbox
"PdaNet_is1" = PdaNet for Android 2.41
"PeerGuardian_is1" = PeerGuardian 2.0
"Pocket Tunes" = Pocket Tunes 4.0.6
"Power Management Driver" = ThinkPad Power Management Driver
"PRJPROR" = Microsoft Office Project Professional 2007
"ST6UNST #1" = SubSync
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Textanz_is1" = Textanz 2.4
"The KMPlayer" = The KMPlayer (remove only)
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TurboTax 2009" = TurboTax 2009
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"UN070410" = BUFFALO TurboUSB for FLASH/HDD
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-228494952-3277817695-227144936-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2010 1:48:05 PM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/5/2010 6:51:07 PM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/5/2010 6:53:23 PM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/5/2010 9:31:53 PM | Computer Name = T42-JFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 6/5/2010 11:45:35 PM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/5/2010 11:46:15 PM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/6/2010 4:45:10 AM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/6/2010 4:45:50 AM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/6/2010 9:45:13 AM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

Error - 6/6/2010 9:45:52 AM | Computer Name = T42-JFF | Source = MsiInstaller | ID = 11402
Description =

[ OSession Events ]
Error - 1/30/2009 8:31:18 AM | Computer Name = T42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 50022
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 6/18/2009 11:55:19 AM | Computer Name = T42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31705
seconds with 900 seconds of active time. This session ended with a crash.

Error - 9/18/2009 1:14:49 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/28/2009 7:46:27 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/13/2009 4:54:23 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29184
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 10/13/2009 5:05:12 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 629
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/15/2009 4:45:15 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12961
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 11/23/2009 12:09:28 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2009 8:17:44 AM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20118
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/14/2009 11:33:46 PM | Computer Name = T42-JFF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75394
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/5/2010 10:41:26 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The ThinkPad PM Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/5/2010 10:41:26 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/5/2010 10:41:26 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The IBM Rapid Restore Ultra Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/5/2010 10:41:26 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/5/2010 10:41:27 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The ThinkVantage Registry Monitor Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/5/2010 10:41:27 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The ThinkPad HDD APS Logging Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/5/2010 10:41:27 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 6/5/2010 10:41:27 AM | Computer Name = T42-JFF | Source = Service Control Manager | ID = 7034
Description = The System Update service terminated unexpectedly. It has done this
1 time(s).

Error - 6/5/2010 5:16:31 PM | Computer Name = T42-JFF | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{7A31473A-083F-4AED-BA18-831ECFCE95ED}. The
backup browser is stopping.

Error - 6/6/2010 1:49:36 AM | Computer Name = T42-JFF | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{7A31473A-083F-4AED-BA18-831ECFCE95ED}. The
backup browser is stopping.


< End of report >

#9 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 07 June 2010 - 11:09 AM

8:20 PM PD 6/6/2010 Noticed Internet Explorer new tabs would NOT open with my home page, although the box to use home page was checked. It seemed simple enough, and microsoft.com self-service invoked a known fix it: which reset the internet explorer settings:

Microsoft Fix It 50195
disabling browser addons
deleting browser history
resetting user customizations
applying manufacturer's settings

Just keeping you in the loop... believing it completely unrelated (although I've been wrong before.) But that didn't fix anything. Then I noticed that IE 7 was running; so odd; because months earlier I had installed IE 8!

Although I had ie 8 installed (before the username issue) it defaulted back to ie 7.
So, I ran the fixit, not paying any attention that it was ie.7; after fix it; was prompted to install i.e 8; which I did. Sorry.. it wasn't my plan; just keeping you in the loop. It HAD been IE 8 for months.
Well, now that I'm back to IE 8; the tabs and all are working. (this is so strange.... strange....so strange). No other updates or changes made on my side.


Also a bit strange: I did search, and instead of giving me an option for search pictures/music/video; documentions, ?? it gave me different search criteria. I don't remember seeing search like this... picture attached...<I could be losing my mind> Like the system did a "throw back". I'm also prompted to do some "updates" which I have chosen not to...till your advice is received. Those updates pending are:
Security Update for Jscript 5.8 for Windows XP (KB971961) odd since I have java 6, (confirmed I am Java 6 update 16)
Security Update for Windows XP KB981332
Update for Windows XP kb976662

dw

Attached thumbnail(s)

  • Attached Image: Search_now_looks_different.GIF


#10 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 07 June 2010 - 11:32 AM

Hi,

Quote

Also a bit strange: I did search, and instead of giving me an option for search pictures/music/video; documentions, ?? it gave me different search criteria. I don't remember seeing search like this... picture attached...<I could be losing my mind> Like the system did a "throw back".

I think I've seen this before. I don't know why you get this instead of the usual options, but it's not malware related.

Quote

I'm also prompted to do some "updates" which I have chosen not to...till your advice is received. Those updates pending are:
Security Update for Jscript 5.8 for Windows XP (KB971961) odd since I have java 6, (confirmed I am Java 6 update 16)
Security Update for Windows XP KB981332
Update for Windows XP kb976662

You can update your system after you've completed all steps in this post.
Java and Jscript are two different programs.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (CKXEZ)
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
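
One way to confirm that a fix script like the one in this post did what it was meant to, as an added example in Python (not part of Gammo's post and not OTL's own code): it pairs each `SRV` and `O7` line of the fix with the matching result line of the fix log. The regular expressions assume the line wording seen in this thread, the function names are hypothetical, and the sample result log is constructed with one result line left out on purpose.

```python
import re

# Fix directives copied from the post above (three of the five O7 lines).
FIX_SCRIPT = r"""
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (CKXEZ)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-228494952-3277817695-227144936-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Constructed result log. The wording follows the fix log posted in this thread;
# the S-1-5-18 line is left out on purpose to show an unconfirmed target.
FIX_LOG = r"""
========== OTL ==========
Service CKXEZ stopped successfully!
Service CKXEZ deleted successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-228494952-3277817695-227144936-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
"""

HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

SRV_RE = re.compile(r"^SRV - .*\((?P<name>[^()]+)\)$")
O7_RE = re.compile(r"^O7 - (?P<key>HK[A-Z_]+\\.+) present$")
SVC_RESULT_RE = re.compile(r"^Service (?P<name>\S+) (?P<what>stopped|deleted) successfully!$")
KEY_RESULT_RE = re.compile(r"^Registry key (?P<key>.+?) (?P<what>deleted successfully|not found)\.$")


def norm_key(path):
    """Expand the hive abbreviation, drop a trailing backslash, fold case."""
    hive, _, rest = path.strip().rstrip("\\").partition("\\")
    return (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()


def parse_targets(fix_script):
    """Return the services and registry keys the fix script asks to remove."""
    targets = []
    for line in map(str.strip, fix_script.splitlines()):
        if m := SRV_RE.match(line):
            targets.append(("service", m["name"].lower()))
        elif m := O7_RE.match(line):
            targets.append(("key", norm_key(m["key"])))
    return targets


def parse_results(fix_log):
    """Map each target named in the result log to its reported outcome."""
    results = {}
    for line in map(str.strip, fix_log.splitlines()):
        if m := SVC_RESULT_RE.match(line):
            target = ("service", m["name"].lower())
            if m["what"] == "deleted":
                results[target] = "deleted"
            else:
                # A stop without a later delete leaves the service registered.
                results.setdefault(target, "stopped only")
        elif m := KEY_RESULT_RE.match(line):
            outcome = "deleted" if m["what"].startswith("deleted") else "not found"
            results[("key", norm_key(m["key"]))] = outcome
    return results


def verify(fix_script, fix_log):
    """Pair every fix target with its outcome; 'no result' means unconfirmed."""
    results = parse_results(fix_log)
    return {t: results.get(t, "no result") for t in parse_targets(fix_script)}


def unresolved(report):
    """Targets that were neither deleted nor already absent."""
    return [t for t, status in report.items() if status not in ("deleted", "not found")]


if __name__ == "__main__":
    report = verify(FIX_SCRIPT, FIX_LOG)
    for (kind, name), status in report.items():
        print(f"{status:12} {kind:8} {name}")
    print("unresolved:", unresolved(report))
```

A "not found" outcome counts as resolved here because the key is already absent; anything in the unresolved list is worth a fresh scan before the thread is closed.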

#11 drwireMORE

  • Group: Member
  • Posts: 17
  • Joined: 27-November 05

Posted 07 June 2010 - 01:58 PM

Followed your instructions, and glad to see a double check for the group policies by golaxt.dll. Interesting that you said: if I am not having any problems.... because as you recall, I wasn't having any problems; but saw some "symptoms" (2 - dll) that I don't recall loading... and don't know what damage they have done...or what else can be analyzed. Some observations follow. (PS: Thank you for your generous help to this point... outstanding.)

Interesting: I ran javaRa, removed older version, and did the updates. Then for "grins" rebooted and ran remove old versions again; and again; and again; and each time, the files removed were the same! Does that mean I'm getting bogus information from this javaRA; or that the items removed are just replacing themselves; or that the removal process being noted isn't working?

Also, as an aside, I do know that I continue to use I.E. But you already know my java was current (then regressed as did my outlook, outlook express, and any other application on the computer it seems); run zone alarm; my anti-virus is current; and added to that is spybot. That should be fairly tight, right? Then where did this dll come from; and why am I still getting netflix pop ups... when I have no-one in my safe zone?

All processes killed
========== OTL ==========
Service CKXEZ stopped successfully!
Service CKXEZ deleted successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-228494952-3277817695-227144936-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jody
->Temp folder emptied: 913797 bytes
->Temporary Internet Files folder emptied: 43038207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78248043 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jody
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.5.3 log created on 06072010_110500

Files\Folders moved on Reboot...
C:\Documents and Settings\Jody\Local Settings\Temp\~DF8A31.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT074da.TMP not found!

Registry entries deleted on Reboot...

JavaRa log. The attached picture shows you what I mean better...

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jun 07 11:58:54 2010

Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zipFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zipFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip------------------------------------Finished reporting.JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Mon Jun 07 12:08:13 2010

------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jun 07 12:08:47 2010

------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jun 07 12:09:37 2010

------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jun 07 12:33:27 2010

------------------------------------
Finished reporting.


#12 drwire

Posted 07 June 2010 - 02:52 PM

I cannot connect or print to another computer on my network. This is a shared printer. When I click on the item it says no print spooler is working; but if you check the services it is working.
1) Connecting to a previously working Windows 7 laptop: can't see the shared folder
2) ditto ditto can't connect to the printer that I was printing to, just 2 days ago.
(No changes made to the Windows 7 laptop.)

This laptop, the one we are working on, is working for normal use; but now strange:
- old views like search bring up something unfamiliar (start bar > search)
- printers that I used to connect to, saying print server isn't running
- computers that I could see/connect to; can still see, but not connect to.
Could give you pictures... but something is amiss, still.

#13 drwire

Posted 07 June 2010 - 02:59 PM

I am an admin account on my own laptop; I went to view workgroup computers (there should be 5). But instead received this message:

Workgroup is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to find out if you have access permissions. The list of servers for this workgroup is not currently available.

??? Worked for months, up to yesterday ???

#14 drwire

Posted 07 June 2010 - 03:03 PM

Oops, never mind. Zonealarm was stopping the connection. Remember, every setting/application "regressed." So, even though zonealarm was updated, it had no settings to work with. I'll turn zonealarm off, and expect to be prompted to "allow" these connections when I restart it. Imagine these types of issues will continue for weeks. That takes care of printer sharing; but not the JavaRA results.

#15 drwire

Posted 07 June 2010 - 08:08 PM

Getting spooky down here. Because I have an external backup device, I went in and checked system restore settings. Only to find out that some step in this process turned OFF system restore. Which means there are no saved settings, despite a number of our steps creating system restore points. Hummm, you'd think
1) Something changed the system restore on C: (root) to off
2) None of the applications we ran, despite attempting to create system restore points, flagged "no can do."

For grins, how did I discover this...
Well, I went to set the system restore to 1gb or such, since I have a 160gb disk. Noticed that the slider was greyed out. So, while I was googling why the slide bar would be greyed out, I cleared the X in the top box. Poof... now the slider was there, and I says to myself, What The Heck..... why was system restore turned off. Sometimes the tree blinds you from the forest. But very disappointed that I have no restore points, and none of the apps warned me.

Still I have an issue with the search being very odd...
1) I downloaded and ran SP3 again; hoping it would fix anything that was undone (by me, not you) No Joy.
2) Ran all the updates... but basically nothing significant, 3 little KBs.
3) And still my search is somehow legacy.... so odd; search; system restore off; more to find.
