Computer won't boot after fake anti-spyware removal



#1
bowenr

Hello,

I have a Toshiba R600 laptop, and after a warning that I was infected and I scanned and removed the threat, my computer won't boot. I scanned again and got an infected userint.exe file, and it still won't reboot. Help! I need this computer for work. I ran an OTL scan and got this file.


Thanks!

OTL logfile created on: 12/25/2010 6:23:15 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.63 Gb Free Space | 82.95% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (userinit)
SRV - [2010/12/08 18:45:27 | 003,020,888 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/09/27 11:59:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/23 01:49:01 | 001,398,832 | ---- | M] (Altiris, Inc.) [Auto] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2009/04/22 06:17:02 | 000,614,400 | ---- | M] (Altiris, Inc.) [On_Demand] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2008/10/14 02:12:36 | 010,412,108 | ---- | M] (Altiris, Inc.) [Auto] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2008/09/30 19:41:08 | 000,116,664 | ---- | M] (symantec) [Auto] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 19:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 19:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/08/20 17:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/08/13 00:00:18 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/06/24 20:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 20:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/12 20:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 21:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/05 16:38:46 | 001,568,768 | ---- | M] (Matrikon Pty Ltd +61.2.4960.1000 http://www.matrikon.com) [On_Demand] -- C:\Program Files\Matrikon\OPC\ProcessACT\OPCPACT.exe -- (Matrikon OPC Server for ProcessACT)
SRV - [2006/12/07 13:14:54 | 001,024,000 | ---- | M] (OSIsoft, Inc.) [Auto] -- C:\Program Files\PIPC\BIN\pinetmgr.exe -- (pinetmgr)
SRV - [2006/12/07 13:13:36 | 000,905,216 | ---- | M] (OSIsoft, Inc.) [Auto] -- C:\Program Files\PIPC\BIN\pimsgss.exe -- (pimsgss)
SRV - [2006/11/27 14:18:30 | 000,196,608 | ---- | M] (OSIsoft, Inc.) [Auto] -- C:\Program Files\PIPC\BIN\pilogsrv.exe -- (pilogsrv)
SRV - [2006/11/27 14:18:24 | 000,393,216 | ---- | M] (OSIsoft, Inc.) [On_Demand] -- C:\Program Files\PIPC\BIN\bufserv.exe -- (bufserv)
SRV - [2006/01/18 10:04:46 | 000,053,248 | ---- | M] (IBM Corp) [Auto] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/11/25 11:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
SRV - [2005/05/09 20:14:28 | 000,243,136 | ---- | M] () [On_Demand] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2004/09/23 12:37:10 | 001,564,672 | ---- | M] (Matrikon Inc) [On_Demand] -- C:\Program Files\Matrikon\OPC\Simulation\OPCSim.exe -- (Matrikon OPC Server for Simulation and Testing)
SRV - [2004/09/10 09:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2002/04/30 17:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto] -- C:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/22 16:18:55 | 000,002,401 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2010/12/13 21:53:10 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101222.003\navex15.sys -- (NAVEX15)
DRV - [2010/12/13 21:53:06 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101222.003\naveng.sys -- (NAVENG)
DRV - [2010/09/27 13:30:40 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/25 14:28:02 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/21 17:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/22 20:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/02/13 14:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/09 08:10:48 | 000,037,760 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbmab705.sys -- (vbmab705)
DRV - [2008/12/22 16:10:00 | 000,067,072 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CAG_im51.sys -- (Net6IM)
DRV - [2008/12/12 12:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/09 17:16:26 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/08/21 01:46:30 | 000,106,880 | R--- | M] (LSI Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2008/08/20 17:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/20 17:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/14 14:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/08/12 23:23:32 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 06:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/13 06:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/05/28 13:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/05/28 13:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2008/04/27 23:14:00 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 15:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2007/07/26 21:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/07/24 01:59:12 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 18:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2006/10/23 21:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/03 21:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand] -- C:\Documents and Settings\BowenR\Desktop\vfd\vfd.sys -- (VirtualFD)
DRV - [2004/09/10 09:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/09/10 09:00:00 | 000,027,056 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


IE - HKU\!ALTSVC.GLOBAL_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\!ALTSVC.GLOBAL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\!ALTSVC.GLOBAL_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\!smsclientpush_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\!smsclientpush_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\!smsclientpush_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ""
IE - HKU\!smsclientpush_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ""

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\BowenR_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://thecore
IE - HKU\BowenR_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\BowenR_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\BowenR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Client_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\Client_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Metafore_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\Metafore_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Metafore_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Metafore_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ""


IE - HKU\SmithRO_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecore/
IE - HKU\SmithRO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\SmithRO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ""
IE - HKU\SmithRO_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ""


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/29 21:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23B4B578-E99A-4AFE-8779-FC82E3725834}: C:\Documents and Settings\BowenR\Local Settings\Application Data\{23B4B578-E99A-4AFE-8779-FC82E3725834} [2010/12/14 00:07:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/23 15:01:52 | 000,000,979 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\!ALTSVC.GLOBAL_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\BowenR_ON_C\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\BowenR_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\BowenR_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CfgDownload] C:\Program Files\IXOS\IXOS-eCONtext\bin\CfgDownload.exe (IXOS SOFTWARE AG)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SplitView] C:\Program Files\SplitView 2009\SplitScr.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\!ALTSVC.GLOBAL_ON_C..\Run: [SplitScreen] C:\Program Files\SplitView 2009\SplitScr.exe ()
O4 - HKU\.DEFAULT..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKU\BowenR_ON_C..\Run: [Atubexadapeqiko] C:\WINDOWS\Nentwt.DLL ()
O4 - HKU\BowenR_ON_C..\Run: [Canexus Post Login Script] File not found
O4 - HKU\BowenR_ON_C..\Run: [dtpCAwvBpJBC.exe] C:\Documents and Settings\BowenR\Local Settings\Temp\dtpCAwvBpJBC.exe (iWin software)
O4 - HKU\BowenR_ON_C..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\BowenR_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\BowenR_ON_C..\Run: [ykAGlpHBmWgv.exe] C:\Documents and Settings\All Users\Application Data\ykAGlpHBmWgv.exe File not found
O4 - HKU\LocalService_ON_C..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = msimn.exe
O7 - HKU\!ALTSVC.GLOBAL_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\!smsclientpush_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\!smsclientpush_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\BowenR_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\BowenR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\Client_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\Client_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\Metafore_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\Metafore_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\SmithRO_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\SmithRO_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272044339437 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://demos.webex....bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.ad
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cusgina.dll) - C:\WINDOWS\System32\CUSGina.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/05 16:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1c9ce5d4-0e53-11de-aa35-d1d19a55b935}\Shell - "" = AutoRun
O33 - MountPoints2\{1c9ce5d4-0e53-11de-aa35-d1d19a55b935}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c9ce5d4-0e53-11de-aa35-d1d19a55b935}\Shell\AutoRun\command - "" = E:\launcher.exe -- File not found
O33 - MountPoints2\{3a8b2d06-03b3-11e0-94b6-0022fa3c311e}\Shell - "" = AutoRun
O33 - MountPoints2\{3a8b2d06-03b3-11e0-94b6-0022fa3c311e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a8b2d06-03b3-11e0-94b6-0022fa3c311e}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{9a73afba-cfcd-11df-9440-0022fa3c311e}\Shell - "" = AutoRun
O33 - MountPoints2\{9a73afba-cfcd-11df-9440-0022fa3c311e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a73afba-cfcd-11df-9440-0022fa3c311e}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{ef2ddd24-cd74-11df-943a-0022fa3c311e}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{f972a8ff-ca4a-11df-942c-0022fa3c311e}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 22:28:09 | 008,582,536 | ---- | C] (Mozilla) -- C:\Documents and Settings\BowenR\Desktop\Firefox Setup 3.6.13.exe
[2010/12/24 22:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2010/12/24 14:19:02 | 000,000,000 | ---D | C] -- C:\a1724a53d8e721c9b56b
[2010/12/24 13:33:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BowenR\Recent
[2010/12/22 14:58:26 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\BowenR\Desktop\IE7-WindowsXP-x86-enu.exe
[2010/12/21 02:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BowenR\Application Data\Malwarebytes
[2010/12/21 02:16:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/21 02:16:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/21 02:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/21 02:16:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BowenR\Desktop\TFC.exe
[2010/12/21 02:14:15 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BowenR\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/21 00:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/12/21 00:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/12/19 17:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/12/18 10:36:44 | 000,000,000 | ---D | C] -- C:\ads
[2010/12/17 00:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BowenR\Local Settings\Application Data\Mozilla
[2010/12/16 17:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/16 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/12/16 12:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/16 12:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/15 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/15 01:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/15 01:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/14 00:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BowenR\Local Settings\Application Data\{23B4B578-E99A-4AFE-8779-FC82E3725834}
[2010/12/14 00:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/14 00:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/13 23:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BowenR\Application Data\3CF49942F73F4F8F79FC0FD631C30944
[2010/12/08 16:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uconeer
[2010/11/25 18:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BowenR\Desktop\Physics
[2010/09/25 14:16:02 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2010/09/25 14:16:02 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2010/09/25 14:16:01 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2010/09/25 14:16:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx

========== Files - Modified Within 30 Days ==========

[2010/12/24 22:28:25 | 000,001,438 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\FREE MUSIC.lnk
[2010/12/24 22:28:25 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Press to smile.lnk
[2010/12/24 22:28:23 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\BowenR\Desktop\Firefox Setup 3.6.13.exe
[2010/12/24 22:27:13 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1818127703-1673859529-518595180-172047.job
[2010/12/24 22:27:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1818127703-1673859529-518595180-172047.job
[2010/12/24 22:25:06 | 000,001,447 | ---- | M] () -- C:\AClient.cfg
[2010/12/24 22:25:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/24 22:22:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 22:21:44 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\wwxcbzci.job
[2010/12/24 22:20:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/24 14:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/22 17:07:29 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\BowenR\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2003.lnk
[2010/12/22 17:05:57 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Backup Outlook Personal Folders (PST).lnk
[2010/12/22 16:18:55 | 000,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2010/12/22 14:58:26 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\BowenR\Desktop\IE7-WindowsXP-x86-enu.exe
[2010/12/21 21:59:59 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/12/21 21:39:16 | 272,221,528 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\501_b084_multilanguage.exe
[2010/12/21 11:51:16 | 000,000,071 | ---- | M] () -- C:\WINDOWS\PIPC.INI
[2010/12/21 11:27:50 | 003,309,568 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\800xATags.doc
[2010/12/21 02:15:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BowenR\Desktop\TFC.exe
[2010/12/21 02:13:46 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BowenR\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/19 21:22:43 | 000,000,510 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/12/19 04:07:38 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\BowenR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 10:36:56 | 005,469,250 | ---- | M] () -- C:\u9iavi3324u3069bm.bin
[2010/12/18 10:36:52 | 000,003,691 | ---- | M] () -- C:\avg9infolx.ctf
[2010/12/18 10:36:52 | 000,003,503 | ---- | M] () -- C:\avg9infoavi.ctf
[2010/12/15 19:07:36 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xhuna.dat
[2010/12/15 19:06:20 | 000,074,770 | RHS- | M] () -- C:\Documents and Settings\BowenR\ntuser.pol
[2010/12/15 09:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bzekihajile.bin
[2010/12/15 01:05:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/12/12 16:48:01 | 007,614,464 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\ica32web.msi
[2010/12/09 19:59:51 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\BowenR\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/09 11:44:33 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Chattering Alarms 08-Dec-2010.XLS
[2010/12/09 02:02:30 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\eight_meg.test
[2010/12/08 16:49:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Uconeer.lnk
[2010/12/08 16:49:27 | 000,519,618 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\uconeer.zip
[2010/12/07 15:20:32 | 000,024,950 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\email - DeviceNet use on Critical Pumps.pdf
[2010/12/05 17:54:10 | 000,003,990 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\November 2010.csv
[2010/12/05 17:53:38 | 000,004,114 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\October2010.csv
[2010/12/01 15:33:49 | 000,020,143 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Andritz Automation Invoice 33679.pdf
[2010/11/29 20:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 20:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 13:23:28 | 005,518,028 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\P_I_D_1848162421.rar
[2010/11/29 11:57:37 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Chattering Alarms 29-Nov-2010.XLS
[2010/11/29 02:29:01 | 000,086,441 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\autpro invoice 8-15Nov 2010.TIF
[2010/11/26 01:10:40 | 000,274,432 | ---- | M] () -- C:\Documents and Settings\BowenR\Desktop\Calc downtime June 2006.xls

========== Files Created - No Company Name ==========

[2010/12/24 22:28:25 | 000,001,438 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\FREE MUSIC.lnk
[2010/12/24 22:28:25 | 000,001,344 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Press to smile.lnk
[2010/12/24 22:27:12 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1818127703-1673859529-518595180-172047.job
[2010/12/21 21:38:56 | 272,221,528 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\501_b084_multilanguage.exe
[2010/12/21 19:33:32 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\BowenR\Application Data\BBMS_EXCEPTION.txt
[2010/12/21 11:27:55 | 003,309,568 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\800xATags.doc
[2010/12/18 10:36:55 | 005,469,250 | ---- | C] () -- C:\u9iavi3324u3069bm.bin
[2010/12/18 10:36:52 | 000,003,691 | ---- | C] () -- C:\avg9infolx.ctf
[2010/12/18 10:36:52 | 000,003,503 | ---- | C] () -- C:\avg9infoavi.ctf
[2010/12/16 12:57:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/16 12:57:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/15 01:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/12/14 00:07:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xhuna.dat
[2010/12/14 00:07:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzekihajile.bin
[2010/12/13 23:52:57 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\wwxcbzci.job
[2010/12/12 16:47:45 | 007,614,464 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\ica32web.msi
[2010/12/09 11:45:04 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Chattering Alarms 08-Dec-2010.XLS
[2010/12/09 02:02:20 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\eight_meg.test
[2010/12/08 16:49:53 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Uconeer.lnk
[2010/12/08 16:49:26 | 000,519,618 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\uconeer.zip
[2010/12/07 15:20:30 | 000,024,950 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\email - DeviceNet use on Critical Pumps.pdf
[2010/12/05 17:54:10 | 000,003,990 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\November 2010.csv
[2010/12/05 17:53:37 | 000,004,114 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\October2010.csv
[2010/12/03 11:48:18 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\BowenR\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2003.lnk
[2010/12/01 15:33:49 | 000,020,143 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Andritz Automation Invoice 33679.pdf
[2010/11/29 13:26:10 | 009,356,152 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\HANDBOOK OF PI AND PID CONTROLLER TUNING RULES_ Aidan O'Dwyer_3rd edition, 1848162421.pdf
[2010/11/29 13:23:25 | 005,518,028 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\P_I_D_1848162421.rar
[2010/11/29 11:57:59 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Chattering Alarms 29-Nov-2010.XLS
[2010/11/29 02:29:00 | 000,086,441 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\autpro invoice 8-15Nov 2010.TIF
[2010/11/26 02:27:38 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\A51 Precip Interstage Cooling Impr.doc
[2010/11/26 02:04:51 | 002,826,470 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Emerson_ControlValve_HBook.pdf
[2010/11/26 01:10:40 | 000,274,432 | ---- | C] () -- C:\Documents and Settings\BowenR\Desktop\Calc downtime June 2006.xls
[2010/11/24 03:28:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BowenR\Local Settings\Application Data\housecall.guid.cache
[2010/11/12 23:01:41 | 000,000,693 | ---- | C] () -- C:\WINDOWS\Procbook.INI
[2010/11/08 19:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2010/10/15 17:05:35 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
[2010/10/15 17:05:01 | 000,000,031 | ---- | C] () -- C:\WINDOWS\RESET.INI
[2010/10/15 16:33:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
[2010/09/30 12:44:04 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\BowenR\g2mdlhlpx.exe
[2010/09/27 20:12:52 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\BowenR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 18:23:50 | 000,018,034 | RHS- | C] () -- C:\Documents and Settings\!ALTSVC.GLOBAL\ntuser.pol
[2010/09/27 11:32:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PIPC.INI
[2010/09/27 10:02:43 | 000,074,770 | RHS- | C] () -- C:\Documents and Settings\BowenR\ntuser.pol
[2010/09/25 14:38:14 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/09/25 14:33:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BowenR\Application Data\monFDE.log
[2010/09/25 14:33:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\!smsclientpush\Application Data\monFDE.log
[2010/09/25 14:33:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SmithRO\Application Data\monFDE.log
[2010/09/25 14:33:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Metafore\Application Data\monFDE.log
[2010/09/25 14:18:15 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[2010/09/25 14:16:14 | 000,005,003 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010/09/25 14:16:14 | 000,000,200 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2010/09/25 14:16:01 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2010/09/25 14:16:01 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2010/09/25 14:13:14 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2010/09/25 14:13:14 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2010/09/25 14:13:14 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2010/09/25 14:13:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2010/09/25 14:13:13 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2010/09/25 14:12:40 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2010/09/25 14:11:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/09/25 14:05:26 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/25 13:49:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\!ALTSVC.GLOBAL\Application Data\monFDE.log
[2010/09/25 13:49:44 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2009/09/30 16:09:49 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/30 16:09:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/09/30 10:19:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\monFDE.log
[2009/06/01 18:09:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/01 17:59:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\monFDE.log
[2009/03/11 10:41:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Client\Application Data\monFDE.log
[2009/03/04 20:08:49 | 000,004,322 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/12 16:40:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2008/04/14 14:00:00 | 000,900,944 | ---- | C] () -- C:\WINDOWS\System32\msfimyze.dll
[2008/04/14 14:00:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\Nentwt.dll
[2008/04/14 14:00:00 | 000,037,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmab705.sys
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/27 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\!ALTSVC.GLOBAL\Application Data\Autodesk
[2010/09/25 14:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\!ALTSVC.GLOBAL\Application Data\Xerox
[2010/12/14 23:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\3CF49942F73F4F8F79FC0FD631C30944
[2010/10/07 15:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\Autodesk
[2010/10/04 12:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\GMCL
[2010/12/12 16:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\ICAClient
[2010/09/25 14:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\OpenOffice.org
[2010/11/12 23:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\PISystem
[2010/12/21 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\Research In Motion
[2010/11/18 15:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\Thunderbird
[2010/09/27 22:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\TOSHIBA
[2010/10/09 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\UDC Profiles
[2010/10/17 16:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\vShare
[2010/10/14 16:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\webex
[2010/09/27 10:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BowenR\Application Data\Xerox
[2010/12/24 22:21:44 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\wwxcbzci.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/04/14 14:00:00 | 000,308,736 | ---- | M] ()(C:\WINDOWS\System32\us?rinit_exe_1293292505.arl) -- C:\WINDOWS\System32\usеrinit_exe_1293292505.arl
[2008/04/14 14:00:00 | 000,308,736 | ---- | C] ()(C:\WINDOWS\System32\us?rinit_exe_1293292505.arl) -- C:\WINDOWS\System32\usеrinit_exe_1293292505.arl
< End of report >