Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System32\gezazomi.dll not valid image error and browser redirects

Started by Snow1981 , May 13 2011 02:34 PM

  • This topic is locked This topic is locked

#1
Snow1981
Posted 13 May 2011 - 02:34 PM

Snow1981

    Member

  • Member
  • PipPip
  • 20 posts
I have been getting Bad Image errors every time I open a new program. When I click OK the program opens as normal. This happens frequently during system startup. Internet Explorer 8 is also redirecting me to various websites after I click on a search engine link. I have also noticed that Windows update will not complete required updates. I use AVG Antivirus Free Edition 2010. I have run Malwarebytes Anti Malware. It detects infections, but has not been able to fix them yet. I have also run scans with SpyBot. I have had this computer "fixed" twice before, one time the computer would not even boot. These problems always seem to return. I would greatly apprecieate any help in removing these problems. Below is the OTL Quick Scan log.

OTL logfile created on: 5/13/2011 3:13:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Eagle Panel Systems\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 67.52 Gb Free Space | 45.33% Space Free | Partition Type: NTFS
Drive Q: | 38.34 Gb Total Space | 36.76 Gb Free Space | 95.88% Space Free | Partition Type: NTFS

Computer Name: NORTH | User Name: Eagle Panel Systems | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 15:10:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/15 22:27:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/03/15 22:27:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/06/04 06:14:40 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/06/04 05:58:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 15:10:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DataSvr2)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/28 14:14:35 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/02/20 14:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [Disabled | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/05/01 14:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/20 22:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://kotaku.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\extensions\\{30263052-9356-41BB-8251-D4AD4B663270}: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\{30263052-9356-41BB-8251-D4AD4B663270} [2010/11/30 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:02:11 | 000,000,000 | ---D | M]

[2006/10/31 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Mozilla\Firefox\Profiles\lseu0r1k.default\extensions

O1 HOSTS File: ([2011/03/28 16:31:57 | 000,431,384 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14850 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - HKCU..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.li...?v=13,0,1609,00 (FavImport Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.n...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/...msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...3/uploader2.cab (UploadListView Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://labcast.dynam...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114w.bay114...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://joeysnow24.sp...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view...View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...ersion=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} http://viewer.networ...ravaClientX.cab (BravaClientXView Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.41.107.45
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (gezazomi.dll) - C:\WINDOWS\System32\GEZAZOMI.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/03 10:36:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/11/29 12:03:07 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/11 11:42:07 | 000,000,047 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell - "" = AutoRun
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{6232fd08-43f0-11df-9e06-0013722a98b3}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell - "" = AutoRun
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 15:10:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/12 11:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/01/15 12:54:17 | 005,360,925 | ---- | C] (Console Classix ) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\consoleclassixsetup.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 15:12:08 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job
[2011/05/13 15:10:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/13 15:10:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/13 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/13 10:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/13 09:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/13 08:57:28 | 114,929,055 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/13 08:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/13 08:10:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 07:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/13 06:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/13 05:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/05/13 04:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/13 03:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/05/13 02:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/05/13 01:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/13 00:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/12 23:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/12 22:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/12 21:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/12 20:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/12 19:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/12 18:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 17:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/12 16:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/12 15:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/05/12 14:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/12 13:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/12 12:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/12 11:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/12 11:14:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/12 11:06:12 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 11:05:42 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/12 11:04:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 09:02:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/09 17:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 11:28:32 | 000,062,391 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:34:16 | 006,655,890 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf
[2011/04/15 12:38:59 | 523,197,673 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\VA Hospital.zip
[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/04/14 10:31:54 | 000,014,621 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202217.pdf
[2011/04/14 08:20:07 | 000,532,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 08:20:07 | 000,109,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 03:33:24 | 000,382,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 03:13:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 15:07:33 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/02 11:28:32 | 000,062,391 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:24:30 | 006,655,890 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf
[2011/04/15 12:38:59 | 523,197,673 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\VA Hospital.zip
[2011/04/14 10:31:54 | 000,014,621 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202217.pdf
[2011/02/09 09:37:10 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/01/28 09:07:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\GEZAZOMI.DLL
[2010/12/15 13:34:57 | 000,150,921 | ---- | C] () -- C:\WINDOWS\hpwins11.dat
[2010/12/15 13:34:57 | 000,000,522 | ---- | C] () -- C:\WINDOWS\hpwmdl11.dat
[2010/11/30 16:05:25 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\completescan
[2010/11/30 15:57:46 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\install
[2010/11/30 15:51:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gxicivu.dat
[2010/11/30 15:51:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twijuwule.bin
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/09/24 08:44:59 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/08/25 16:37:34 | 002,137,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 09:13:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/04/08 14:45:52 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/19 12:57:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 15:48:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/14 15:28:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/14 15:08:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/10/28 07:52:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2009/08/21 12:49:39 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freeIs.cab
[2009/08/21 12:49:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freekL.cab
[2009/08/13 14:07:23 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\abeyH6.cab
[2009/08/13 14:07:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\csmoY1.cab
[2009/08/11 11:23:00 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\axyuF7.cab
[2009/08/11 11:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\tquiJ1.cab
[2009/08/11 10:20:04 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D6.cab
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/23 08:54:41 | 000,002,462 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D4.cab
[2009/07/23 08:54:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D5.cab
[2009/07/06 14:27:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PnkBstrK.sys
[2009/06/25 15:23:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/06/25 15:23:04 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/12 15:12:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/09/08 14:14:49 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/09/08 13:48:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/06/14 16:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Swat.INI
[2007/06/14 15:45:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2007/06/14 15:45:18 | 000,000,480 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/06/14 15:45:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/03/13 10:45:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/26 11:33:36 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\ExportFile2.csv.8590828.xml
[2007/01/26 11:33:35 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\BCMMappings.xml
[2007/01/17 09:21:06 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/29 12:03:07 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/11/28 16:56:43 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2006/11/28 09:12:27 | 000,000,851 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/28 09:12:00 | 000,000,347 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2006/11/27 16:14:26 | 000,000,397 | R--- | C] () -- C:\WINDOWS\hpw9800k.ini
[2006/11/27 16:13:09 | 000,000,582 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2006/11/27 16:12:58 | 000,001,487 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/10/31 16:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/12 16:10:24 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/12 16:05:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/09/12 13:08:53 | 000,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2006/09/12 10:13:19 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/09/12 10:13:19 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/09/12 10:10:57 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/09/12 10:10:47 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2006/09/12 10:10:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2006/09/12 10:10:41 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2006/09/12 08:15:48 | 000,009,333 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Comma Separated Values (DOS).EML
[2006/09/11 17:56:50 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2006/09/11 17:56:49 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2006/09/11 17:43:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/09/11 17:43:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2006/09/11 17:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/11 16:56:45 | 000,000,126 | R--- | C] () -- C:\WINDOWS\hpw9600k.ini
[2006/09/11 16:56:44 | 000,102,400 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
[2006/09/11 16:55:35 | 000,006,277 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini
[2006/09/11 16:52:11 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\fusioncache.dat
[2006/09/02 11:46:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/02 11:41:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/02 11:39:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/02 11:15:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/02 11:15:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/02 11:14:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/18 16:13:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/03/17 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 14:16:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/03/17 14:16:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 14:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/03/17 14:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 14:16:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/17 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 14:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/03/17 14:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/17 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,382,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,532,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,109,316 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/18 18:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2003/04/08 13:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1997/01/20 21:19:42 | 000,258,048 | ---- | C] () -- C:\Program Files\REGISTER.EXE
[1997/01/20 21:19:38 | 000,000,212 | ---- | C] () -- C:\Program Files\PRODUCT.INI

========== LOP Check ==========

[2011/03/03 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/12/10 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 09:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/01/10 15:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/11 09:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/12/21 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/11/29 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/11/29 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/06/12 11:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/02/03 16:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/08/28 14:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/12 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/21 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/10/21 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 08:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
[2006/09/02 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/03/03 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 08:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/06 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Acoustica
[2006/09/20 09:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Atari
[2011/03/03 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Autodesk
[2010/10/18 09:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\AVG10
[2007/03/29 14:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2006/09/26 09:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Downloaded Installations
[2006/10/27 13:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Empire XP
[2008/09/08 14:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GarageGames
[2009/09/03 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GetRightToGo
[2008/09/08 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Independent
[2007/01/31 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\KlipFolio
[2006/09/11 18:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Leadertech
[2006/11/16 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Netscape
[2008/12/22 13:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\OpenOffice.org
[2007/01/10 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Opera
[2008/09/08 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Phillip O'Shea
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PlayFirst
[2010/09/07 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Raptr
[2011/03/28 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Safer Networking
[2008/01/02 15:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Snapfish
[2008/08/25 13:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\StoneTrip
[2009/11/25 10:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Uniblue
[2006/09/12 10:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Video DVD Maker FREE
[2008/04/30 15:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Windows Live Writer
[2009/11/03 17:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Xilisoft Corporation
[2011/05/13 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/13 00:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/05/13 10:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/05/13 09:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/05/12 12:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/05/12 11:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/05/12 14:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/05/12 13:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/05/12 16:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/05/12 15:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/05/12 17:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/05/12 18:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/05/13 02:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/05/12 20:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/05/12 19:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/05/12 22:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/05/12 21:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/05/12 23:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/05/13 01:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/13 04:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/05/13 03:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/13 06:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/05/13 05:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/13 08:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/05/13 07:17:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/05/13 15:12:08 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8

< End of report >



OTL Extras logfile created on: 5/13/2011 3:13:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Eagle Panel Systems\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 67.52 Gb Free Space | 45.33% Space Free | Partition Type: NTFS
Drive Q: | 38.34 Gb Total Space | 36.76 Gb Free Space | 95.88% Space Free | Partition Type: NTFS

Computer Name: NORTH | User Name: Eagle Panel Systems | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"57858:TCP" = 57858:TCP:*:Enabled:Pando Media Booster
"57858:UDP" = 57858:UDP:*:Enabled:Pando Media Booster
"56865:TCP" = 56865:TCP:*:Enabled:Pando Media Booster
"56865:UDP" = 56865:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"57858:TCP" = 57858:TCP:*:Enabled:Pando Media Booster
"57858:UDP" = 57858:UDP:*:Enabled:Pando Media Booster
"56865:TCP" = 56865:TCP:*:Enabled:Pando Media Booster
"56865:UDP" = 56865:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Program Files\Left Behind Games\Eternal Forces Beta Demo\Client.exe" = C:\Program Files\Left Behind Games\Eternal Forces Beta Demo\Client.exe:*:Enabled:Client
"C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe" = C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe:*:Enabled:Toolbox for HP Printing System for Windows
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\NeverwinterNights\NWN\nwserver.exe" = C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe" = C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker -- (Microsoft Corporation)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- ()
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{42818C20-762F-4958-9791-CDB459B81382}" = Preboot Manager
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-5004-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2007
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E545666-F436-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Mfg and Whsle Edition 2007
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE33EC58-5DFB-4560-9D33-1E7942E0554F}" = HP Deskjet 9800
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG" = AVG 2011
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.9
"DWG TrueView 2011" = DWG TrueView 2011
"Episode 1" = Back to the Future The Game - Episode 1
"Fallen" = unInstall Fallen Haven Demo
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"hp Deskjet 9800 series" = HP Deskjet 9800 Series
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Lexmark 5200 Series" = Lexmark 5200 Series
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"SystemRequirementsLab" = System Requirements Lab
"TripMaker" = Rand McNally TripMaker Deluxe
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 4:00:31 AM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/11/2011 4:00:42 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/11/2011 4:00:42 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/11/2011 4:00:43 AM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/11/2011 5:34:28 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/11/2011 5:34:28 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/11/2011 5:34:29 PM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/13/2011 4:00:29 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/13/2011 4:00:29 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/13/2011 4:00:30 AM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 5/11/2011 4:05:56 AM | Computer Name = NORTH | Source = NtServicePack | ID = 921877
Description = Windows XP KB2443105 installation failed. Not enough storage is available
to process this command.

Error - 5/11/2011 4:06:28 AM | Computer Name = NORTH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070008: Security Update for Windows XP (KB2443105).

Error - 5/11/2011 5:34:30 PM | Computer Name = NORTH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

Error - 5/11/2011 5:35:03 PM | Computer Name = NORTH | Source = NtServicePack | ID = 921877
Description = Windows XP KB2443105 installation failed. Not enough storage is available
to process this command.

Error - 5/11/2011 5:35:03 PM | Computer Name = NORTH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070008: Security Update for Windows XP (KB2443105).

Error - 5/12/2011 12:05:06 PM | Computer Name = NORTH | Source = Service Control Manager | ID = 7000
Description = The DataSvr2 service failed to start due to the following error: %%2

Error - 5/12/2011 12:05:50 PM | Computer Name = NORTH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/13/2011 4:00:35 AM | Computer Name = NORTH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

Error - 5/13/2011 4:01:03 AM | Computer Name = NORTH | Source = NtServicePack | ID = 921877
Description = Windows XP KB2443105 installation failed. Not enough storage is available
to process this command.

Error - 5/13/2011 4:01:41 AM | Computer Name = NORTH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070008: Security Update for Windows XP (KB2443105).


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 13 May 2011 - 02:56 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there let me know if the errors are still present after this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 1
    O20 - AppInit_DLLs: (gezazomi.dll) - C:\WINDOWS\System32\GEZAZOMI.DLL ()
    [2011/01/28 09:07:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\GEZAZOMI.DLL
    [2010/11/30 15:51:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gxicivu.dat
    [2010/11/30 15:51:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twijuwule.bin
    [2010/01/14 15:48:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/14 15:28:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/14 15:08:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Snow1981
Posted 16 May 2011 - 07:49 AM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you. My computer started after reboot without any errors. Below is the OTL scan after the fix. I will run the other scan and post it when finished. I really can't thank you enough.

OTL logfile created on: 5/16/2011 8:38:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Eagle Panel Systems\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 69.01 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
Drive Q: | 38.34 Gb Total Space | 36.76 Gb Free Space | 95.88% Space Free | Partition Type: NTFS

Computer Name: NORTH | User Name: Eagle Panel Systems | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/15 22:27:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/03/15 22:27:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/15 02:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/06/04 06:14:40 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/06/04 05:58:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DataSvr2)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/28 14:14:35 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/02/20 14:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [Disabled | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/05/01 14:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/20 22:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://kotaku.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""


FF - HKLM\software\mozilla\Firefox\extensions\\{30263052-9356-41BB-8251-D4AD4B663270}: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\{30263052-9356-41BB-8251-D4AD4B663270} [2010/11/30 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:02:11 | 000,000,000 | ---D | M]

[2006/10/31 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Mozilla\Firefox\Profiles\lseu0r1k.default\extensions

O1 HOSTS File: ([2011/05/16 08:23:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.li...?v=13,0,1609,00 (FavImport Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.n...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/...msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...3/uploader2.cab (UploadListView Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://labcast.dynam...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114w.bay114...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://joeysnow24.sp...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view...View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...ersion=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} http://viewer.networ...ravaClientX.cab (BravaClientXView Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.41.107.45
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/03 10:36:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/11/29 12:03:07 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/11 11:42:07 | 000,000,047 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell - "" = AutoRun
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{6232fd08-43f0-11df-9e06-0013722a98b3}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell - "" = AutoRun
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 08:39:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\aswMBR.exe
[2011/05/16 08:22:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/16 08:16:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/01/15 12:54:17 | 005,360,925 | ---- | C] (Console Classix ) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\consoleclassixsetup.exe

========== Files - Modified Within 30 Days ==========

[2011/05/16 08:41:15 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job
[2011/05/16 08:39:38 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\aswMBR.exe
[2011/05/16 08:36:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 08:35:40 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/16 08:35:03 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 08:34:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 08:32:21 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/16 08:23:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/16 08:12:52 | 115,162,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/16 08:10:22 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/13 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 11:14:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 09:02:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/09 17:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 11:28:32 | 000,062,391 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:34:16 | 006,655,890 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf

========== Files Created - No Company Name ==========

[2011/05/16 08:32:21 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/02 11:28:32 | 000,062,391 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:24:30 | 006,655,890 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf
[2011/02/09 09:37:10 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/12/15 13:34:57 | 000,150,921 | ---- | C] () -- C:\WINDOWS\hpwins11.dat
[2010/12/15 13:34:57 | 000,000,522 | ---- | C] () -- C:\WINDOWS\hpwmdl11.dat
[2010/11/30 16:05:25 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\completescan
[2010/11/30 15:57:46 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\install
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/09/24 08:44:59 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/08/25 16:37:34 | 002,137,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 09:13:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/04/08 14:45:52 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/19 12:57:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/28 07:52:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2009/08/21 12:49:39 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freeIs.cab
[2009/08/21 12:49:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freekL.cab
[2009/08/13 14:07:23 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\abeyH6.cab
[2009/08/13 14:07:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\csmoY1.cab
[2009/08/11 11:23:00 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\axyuF7.cab
[2009/08/11 11:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\tquiJ1.cab
[2009/08/11 10:20:04 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D6.cab
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/23 08:54:41 | 000,002,462 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D4.cab
[2009/07/23 08:54:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D5.cab
[2009/07/06 14:27:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PnkBstrK.sys
[2009/06/25 15:23:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/06/25 15:23:04 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/12 15:12:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/09/08 14:14:49 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/09/08 13:48:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/06/14 16:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Swat.INI
[2007/06/14 15:45:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2007/06/14 15:45:18 | 000,000,480 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/06/14 15:45:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/03/13 10:45:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/26 11:33:36 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\ExportFile2.csv.8590828.xml
[2007/01/26 11:33:35 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\BCMMappings.xml
[2007/01/17 09:21:06 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/29 12:03:07 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/11/28 16:56:43 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2006/11/28 09:12:27 | 000,000,851 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/28 09:12:00 | 000,000,347 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2006/11/27 16:14:26 | 000,000,397 | R--- | C] () -- C:\WINDOWS\hpw9800k.ini
[2006/11/27 16:13:09 | 000,000,582 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2006/11/27 16:12:58 | 000,001,487 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/10/31 16:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/12 16:10:24 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/12 16:05:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/09/12 13:08:53 | 000,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2006/09/12 10:13:19 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/09/12 10:13:19 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/09/12 10:10:57 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/09/12 10:10:47 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2006/09/12 10:10:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2006/09/12 10:10:41 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2006/09/12 08:15:48 | 000,009,333 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Comma Separated Values (DOS).EML
[2006/09/11 17:56:50 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2006/09/11 17:56:49 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2006/09/11 17:43:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/09/11 17:43:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2006/09/11 17:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/11 16:56:45 | 000,000,126 | R--- | C] () -- C:\WINDOWS\hpw9600k.ini
[2006/09/11 16:56:44 | 000,102,400 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
[2006/09/11 16:55:35 | 000,006,277 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini
[2006/09/11 16:52:11 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\fusioncache.dat
[2006/09/02 11:46:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/02 11:41:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/02 11:39:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/02 11:15:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/02 11:15:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/02 11:14:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/18 16:13:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/03/17 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 14:16:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/03/17 14:16:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 14:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/03/17 14:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 14:16:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/17 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 14:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/03/17 14:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/17 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,382,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,532,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,109,316 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/18 18:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2003/04/08 13:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1997/01/20 21:19:42 | 000,258,048 | ---- | C] () -- C:\Program Files\REGISTER.EXE
[1997/01/20 21:19:38 | 000,000,212 | ---- | C] () -- C:\Program Files\PRODUCT.INI

========== LOP Check ==========

[2011/03/03 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/12/10 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 09:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/01/10 15:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/11 09:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/12/21 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/11/29 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/11/29 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/06/12 11:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/02/03 16:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/08/28 14:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/12 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/21 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/10/21 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 08:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
[2006/09/02 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/03/03 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 08:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/06 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Acoustica
[2006/09/20 09:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Atari
[2011/03/03 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Autodesk
[2010/10/18 09:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\AVG10
[2007/03/29 14:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2006/09/26 09:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Downloaded Installations
[2006/10/27 13:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Empire XP
[2008/09/08 14:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GarageGames
[2009/09/03 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GetRightToGo
[2008/09/08 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Independent
[2007/01/31 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\KlipFolio
[2006/09/11 18:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Leadertech
[2006/11/16 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Netscape
[2008/12/22 13:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\OpenOffice.org
[2007/01/10 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Opera
[2008/09/08 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Phillip O'Shea
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PlayFirst
[2010/09/07 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Raptr
[2011/03/28 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Safer Networking
[2008/01/02 15:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Snapfish
[2008/08/25 13:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\StoneTrip
[2009/11/25 10:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Uniblue
[2006/09/12 10:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Video DVD Maker FREE
[2008/04/30 15:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Windows Live Writer
[2009/11/03 17:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Xilisoft Corporation
[2011/05/13 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/16 08:41:15 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8

< End of report >

OTL Extras logfile created on: 5/16/2011 8:38:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Eagle Panel Systems\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 69.01 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
Drive Q: | 38.34 Gb Total Space | 36.76 Gb Free Space | 95.88% Space Free | Partition Type: NTFS

Computer Name: NORTH | User Name: Eagle Panel Systems | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"57858:TCP" = 57858:TCP:*:Enabled:Pando Media Booster
"57858:UDP" = 57858:UDP:*:Enabled:Pando Media Booster
"56865:TCP" = 56865:TCP:*:Enabled:Pando Media Booster
"56865:UDP" = 56865:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"57858:TCP" = 57858:TCP:*:Enabled:Pando Media Booster
"57858:UDP" = 57858:UDP:*:Enabled:Pando Media Booster
"56865:TCP" = 56865:TCP:*:Enabled:Pando Media Booster
"56865:UDP" = 56865:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Program Files\Left Behind Games\Eternal Forces Beta Demo\Client.exe" = C:\Program Files\Left Behind Games\Eternal Forces Beta Demo\Client.exe:*:Enabled:Client
"C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe" = C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe:*:Enabled:Toolbox for HP Printing System for Windows
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\NeverwinterNights\NWN\nwserver.exe" = C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe" = C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker -- (Microsoft Corporation)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- ()
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{42818C20-762F-4958-9791-CDB459B81382}" = Preboot Manager
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-5004-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2007
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E545666-F436-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Mfg and Whsle Edition 2007
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE33EC58-5DFB-4560-9D33-1E7942E0554F}" = HP Deskjet 9800
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG" = AVG 2011
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.9
"DWG TrueView 2011" = DWG TrueView 2011
"Episode 1" = Back to the Future The Game - Episode 1
"Fallen" = unInstall Fallen Haven Demo
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"hp Deskjet 9800 series" = HP Deskjet 9800 Series
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Lexmark 5200 Series" = Lexmark 5200 Series
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"SystemRequirementsLab" = System Requirements Lab
"TripMaker" = Rand McNally TripMaker Deluxe
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2011 4:00:43 AM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/11/2011 5:34:28 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/11/2011 5:34:28 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/11/2011 5:34:29 PM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/13/2011 4:00:29 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/13/2011 4:00:29 AM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/13/2011 4:00:30 AM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

Error - 5/13/2011 5:05:59 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 5/13/2011 5:05:59 PM | Computer Name = NORTH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 5/13/2011 5:06:00 PM | Computer Name = NORTH | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7031
Description = The MotoConnect Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 6000 milliseconds:
Restart the service.

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The QuickBooks Database Manager Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/16/2011 9:23:19 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 5/16/2011 9:35:16 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7000
Description = The DataSvr2 service failed to start due to the following error: %%2

Error - 5/16/2011 9:35:56 AM | Computer Name = NORTH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >
  • 0

#4
Snow1981
Posted 16 May 2011 - 07:52 AM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
And here is the aswMBR scan log.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 08:50:16
-----------------------------
08:50:16.359 OS Version: Windows 5.1.2600 Service Pack 3
08:50:16.359 Number of processors: 2 586 0x604
08:50:16.359 ComputerName: NORTH UserName:
08:50:17.109 Initialize success
08:50:20.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
08:50:20.890 Disk 0 Vendor: WDC_WD16 10.0 Size: 152587MB BusType: 3
08:50:20.890 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600JS-75NCB3_____________________10.02E04#4&302bf1c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
08:50:20.890 Device \Driver\iaStor -> DriverStartIo 89716af1
08:50:20.906 Disk 0 MBR read successfully
08:50:20.906 Disk 0 MBR scan
08:50:20.906 Disk 0 Windows XP default MBR code
08:50:20.906 Disk 0 scanning sectors +312496380
08:50:20.937 Disk 0 malicious Win32:MBRoot code @ sector 312496383 !
08:50:20.937 Disk 0 PE file @ sector 312496405 !
08:50:20.937 Disk 0 scanning C:\WINDOWS\system32\drivers
08:50:28.953 File C:\WINDOWS\system32\drivers\netbt.sys TDL3 **ROOTKIT**
08:50:28.953 Disk 0 trace - called modules:
08:50:28.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89716ecc]<<
08:50:28.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ef468]
08:50:28.968 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89d1a2f8]
08:50:28.968 [0x89cf7da0] -> IRP_MJ_CREATE -> 0x89716ecc
08:50:28.968 Scan finished successfully
08:50:43.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eagle Panel Systems\Desktop\MBR.dat"
08:50:43.656 The log file has been saved successfully to "C:\Documents and Settings\Eagle Panel Systems\Desktop\aswMBR.txt"
  • 0

#5
Essexboy
Posted 16 May 2011 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not quite out of the woods yet - there is a TDL 3 bootkit to remove and a few ports to close

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#6
Snow1981
Posted 16 May 2011 - 12:51 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here are the results of the OTL scan. I am doing the other test and will post that log when finished.

OTL logfile created on: 5/16/2011 1:44:52 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Eagle Panel Systems\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 69.06 Gb Free Space | 46.36% Space Free | Partition Type: NTFS
Drive Q: | 38.34 Gb Total Space | 36.76 Gb Free Space | 95.88% Space Free | Partition Type: NTFS

Computer Name: NORTH | User Name: Eagle Panel Systems | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/15 22:27:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/03/15 22:27:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2004/06/04 06:14:40 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/06/04 05:58:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DataSvr2)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/28 14:14:35 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/04/26 07:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/02/20 14:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [Disabled | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/05/01 14:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/20 22:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://kotaku.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""


FF - HKLM\software\mozilla\Firefox\extensions\\{30263052-9356-41BB-8251-D4AD4B663270}: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\{30263052-9356-41BB-8251-D4AD4B663270} [2010/11/30 15:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:02:11 | 000,000,000 | ---D | M]

[2006/10/31 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Mozilla\Firefox\Profiles\lseu0r1k.default\extensions

O1 HOSTS File: ([2011/05/16 13:24:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.li...?v=13,0,1609,00 (FavImport Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.n...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/...msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...3/uploader2.cab (UploadListView Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://labcast.dynam...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114w.bay114...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://joeysnow24.sp...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view...View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...ersion=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} http://viewer.networ...ravaClientX.cab (BravaClientXView Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.41.107.45
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/03 10:36:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/11/29 12:03:07 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/11 11:42:07 | 000,000,047 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell - "" = AutoRun
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##SERVER#QUICKBOOKS\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{6232fd08-43f0-11df-9e06-0013722a98b3}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell - "" = AutoRun
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{642e866b-aa0f-11df-9e43-0013722a98b3}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 08:39:38 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\aswMBR.exe
[2011/05/16 08:22:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/16 08:16:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/01/15 12:54:17 | 005,360,925 | ---- | C] (Console Classix ) -- C:\Documents and Settings\Eagle Panel Systems\Application Data\consoleclassixsetup.exe

========== Files - Modified Within 30 Days ==========

[2011/05/16 13:42:45 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/16 13:42:11 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job
[2011/05/16 13:31:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 13:30:47 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/16 13:30:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 13:29:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 13:24:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/16 13:23:48 | 000,094,776 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Shop Layout Model (1).pdf
[2011/05/16 13:10:29 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/16 08:50:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\Desktop\MBR.dat
[2011/05/16 08:39:38 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\aswMBR.exe
[2011/05/16 08:22:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eagle Panel Systems\Desktop\OTL.exe
[2011/05/16 08:12:52 | 115,162,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 11:14:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/11 09:02:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/09 17:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 11:28:32 | 000,062,391 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:34:16 | 006,655,890 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | M] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf

========== Files Created - No Company Name ==========

[2011/05/16 13:42:45 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/16 13:23:48 | 000,094,776 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Shop Layout Model (1).pdf
[2011/05/16 08:50:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Desktop\MBR.dat
[2011/05/02 11:28:32 | 000,062,391 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\Panels Model (1).pdf
[2011/04/29 14:42:00 | 002,854,325 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\PFS 09-149 Rpt Complete 080210.pdf
[2011/04/29 09:37:29 | 000,014,667 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\202205.pdf
[2011/04/27 09:24:30 | 006,655,890 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\6 Span Charts.PDF
[2011/04/18 13:07:52 | 000,862,828 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\My Documents\TF-10082.pdf
[2011/02/09 09:37:10 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/12/15 13:34:57 | 000,150,921 | ---- | C] () -- C:\WINDOWS\hpwins11.dat
[2010/12/15 13:34:57 | 000,000,522 | ---- | C] () -- C:\WINDOWS\hpwmdl11.dat
[2010/11/30 16:05:25 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\completescan
[2010/11/30 15:57:46 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\install
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/09/24 08:44:59 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/08/25 16:37:34 | 002,137,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/15 09:13:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/04/08 14:45:52 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/19 12:57:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/28 07:52:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2009/08/21 12:49:39 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freeIs.cab
[2009/08/21 12:49:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\freekL.cab
[2009/08/13 14:07:23 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\abeyH6.cab
[2009/08/13 14:07:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\csmoY1.cab
[2009/08/11 11:23:00 | 000,002,960 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\axyuF7.cab
[2009/08/11 11:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\tquiJ1.cab
[2009/08/11 10:20:04 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D6.cab
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/23 08:54:41 | 000,002,462 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D4.cab
[2009/07/23 08:54:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\upz3D5.cab
[2009/07/06 14:27:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PnkBstrK.sys
[2009/06/25 15:23:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/06/25 15:23:04 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2009/06/12 15:12:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/09/08 14:14:49 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/09/08 13:48:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/06/14 16:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Swat.INI
[2007/06/14 15:45:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2007/06/14 15:45:18 | 000,000,480 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/06/14 15:45:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/03/13 10:45:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/26 11:33:36 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\ExportFile2.csv.8590828.xml
[2007/01/26 11:33:35 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\BCMMappings.xml
[2007/01/17 09:21:06 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/29 12:03:07 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/11/28 16:56:43 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2006/11/28 09:12:27 | 000,000,851 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/28 09:12:00 | 000,000,347 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2006/11/27 16:14:26 | 000,000,397 | R--- | C] () -- C:\WINDOWS\hpw9800k.ini
[2006/11/27 16:13:09 | 000,000,582 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2006/11/27 16:12:58 | 000,001,487 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/10/31 16:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/12 16:10:24 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/12 16:05:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/09/12 13:08:53 | 000,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2006/09/12 10:13:19 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/09/12 10:13:19 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/09/12 10:10:57 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/09/12 10:10:47 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2006/09/12 10:10:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2006/09/12 10:10:41 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2006/09/12 08:15:48 | 000,009,333 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Comma Separated Values (DOS).EML
[2006/09/11 17:56:50 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\LEADDIB.DRV
[2006/09/11 17:56:49 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\FPRUN300.DLL
[2006/09/11 17:43:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/09/11 17:43:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2006/09/11 17:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/11 16:56:45 | 000,000,126 | R--- | C] () -- C:\WINDOWS\hpw9600k.ini
[2006/09/11 16:56:44 | 000,102,400 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
[2006/09/11 16:55:35 | 000,006,277 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini
[2006/09/11 16:52:11 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Eagle Panel Systems\Local Settings\Application Data\fusioncache.dat
[2006/09/02 11:46:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/02 11:41:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/02 11:39:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/02 11:15:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/02 11:15:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/02 11:14:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/18 16:13:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/03/17 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 14:16:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/03/17 14:16:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 14:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/03/17 14:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 14:16:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/17 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 14:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/03/17 14:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/17 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,382,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,532,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,109,316 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/18 18:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2003/04/08 13:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1997/01/20 21:19:42 | 000,258,048 | ---- | C] () -- C:\Program Files\REGISTER.EXE
[1997/01/20 21:19:38 | 000,000,212 | ---- | C] () -- C:\Program Files\PRODUCT.INI

========== LOP Check ==========

[2011/03/03 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/12/10 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 09:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/01/10 15:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/11 09:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/12/21 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/11/29 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/11/29 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/06/12 11:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/02/03 16:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/08/28 14:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/12 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/21 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/10/21 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 08:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
[2006/09/02 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/03/03 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 08:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 08:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/06 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Acoustica
[2006/09/20 09:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Atari
[2011/03/03 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Autodesk
[2010/10/18 09:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\AVG10
[2007/03/29 14:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2006/09/26 09:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Downloaded Installations
[2006/10/27 13:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Empire XP
[2008/09/08 14:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GarageGames
[2009/09/03 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\GetRightToGo
[2008/09/08 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Independent
[2007/01/31 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\KlipFolio
[2006/09/11 18:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Leadertech
[2006/11/16 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Netscape
[2008/12/22 13:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\OpenOffice.org
[2007/01/10 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Opera
[2008/09/08 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Phillip O'Shea
[2010/10/21 11:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\PlayFirst
[2010/09/07 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Raptr
[2011/03/28 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Safer Networking
[2008/01/02 15:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Snapfish
[2008/08/25 13:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\StoneTrip
[2009/11/25 10:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Uniblue
[2006/09/12 10:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Video DVD Maker FREE
[2008/04/30 15:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Windows Live Writer
[2009/11/03 17:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eagle Panel Systems\Application Data\Xilisoft Corporation
[2011/05/16 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/12 17:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/12 23:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/13 05:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/11 11:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/16 13:42:11 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA0897D3-CE67-4F04-96DB-2D6AD101B270}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8

< End of report >
  • 0

#7
Snow1981
Posted 16 May 2011 - 01:10 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
And here is the TDSSKiller log.


2011/05/16 14:01:24.0060 3208 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 14:01:24.0466 3208 ================================================================================
2011/05/16 14:01:24.0466 3208 SystemInfo:
2011/05/16 14:01:24.0466 3208
2011/05/16 14:01:24.0466 3208 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/16 14:01:24.0466 3208 Product type: Workstation
2011/05/16 14:01:24.0466 3208 ComputerName: NORTH
2011/05/16 14:01:24.0466 3208 UserName: Eagle Panel Systems
2011/05/16 14:01:24.0466 3208 Windows directory: C:\WINDOWS
2011/05/16 14:01:24.0466 3208 System windows directory: C:\WINDOWS
2011/05/16 14:01:24.0466 3208 Processor architecture: Intel x86
2011/05/16 14:01:24.0466 3208 Number of processors: 2
2011/05/16 14:01:24.0466 3208 Page size: 0x1000
2011/05/16 14:01:24.0466 3208 Boot type: Normal boot
2011/05/16 14:01:24.0466 3208 ================================================================================
2011/05/16 14:01:24.0701 3208 Initialize success
2011/05/16 14:01:32.0716 3540 ================================================================================
2011/05/16 14:01:32.0716 3540 Scan started
2011/05/16 14:01:32.0716 3540 Mode: Manual;
2011/05/16 14:01:32.0716 3540 ================================================================================
2011/05/16 14:01:33.0216 3540 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/16 14:01:33.0294 3540 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/16 14:01:33.0341 3540 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/16 14:01:33.0388 3540 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/16 14:01:33.0451 3540 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/16 14:01:33.0498 3540 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/16 14:01:33.0560 3540 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/16 14:01:33.0607 3540 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/16 14:01:33.0669 3540 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/16 14:01:33.0716 3540 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/16 14:01:33.0763 3540 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/16 14:01:33.0826 3540 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/16 14:01:33.0857 3540 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/16 14:01:33.0904 3540 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/16 14:01:33.0935 3540 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/16 14:01:33.0982 3540 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/16 14:01:34.0044 3540 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/16 14:01:34.0060 3540 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/16 14:01:34.0138 3540 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/16 14:01:34.0154 3540 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/16 14:01:34.0201 3540 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/16 14:01:34.0279 3540 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/05/16 14:01:34.0326 3540 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/16 14:01:34.0419 3540 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/16 14:01:34.0451 3540 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/05/16 14:01:34.0498 3540 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/16 14:01:34.0560 3540 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/05/16 14:01:34.0623 3540 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/05/16 14:01:34.0685 3540 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/05/16 14:01:34.0732 3540 AvgRkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/05/16 14:01:34.0810 3540 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/05/16 14:01:34.0873 3540 b57w2k (bb1a2a73f993b623f99e03ed2f9e014c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/16 14:01:34.0919 3540 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/16 14:01:34.0998 3540 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
2011/05/16 14:01:35.0013 3540 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/16 14:01:35.0029 3540 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/16 14:01:35.0076 3540 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/16 14:01:35.0107 3540 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/16 14:01:35.0169 3540 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/16 14:01:35.0232 3540 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/16 14:01:35.0279 3540 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/16 14:01:35.0357 3540 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/16 14:01:35.0388 3540 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/16 14:01:35.0482 3540 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/16 14:01:35.0513 3540 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/16 14:01:35.0560 3540 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/16 14:01:35.0607 3540 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/05/16 14:01:35.0623 3540 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/05/16 14:01:35.0638 3540 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/05/16 14:01:35.0669 3540 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/05/16 14:01:35.0685 3540 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/05/16 14:01:35.0716 3540 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/05/16 14:01:35.0716 3540 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/05/16 14:01:35.0748 3540 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/05/16 14:01:35.0779 3540 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/05/16 14:01:35.0857 3540 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/16 14:01:35.0919 3540 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/05/16 14:01:35.0951 3540 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/16 14:01:35.0998 3540 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/16 14:01:36.0044 3540 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/16 14:01:36.0091 3540 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/16 14:01:36.0154 3540 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/05/16 14:01:36.0169 3540 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/05/16 14:01:36.0216 3540 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/16 14:01:36.0294 3540 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/16 14:01:36.0341 3540 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/16 14:01:36.0373 3540 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/16 14:01:36.0404 3540 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/16 14:01:36.0466 3540 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/16 14:01:36.0498 3540 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/16 14:01:36.0513 3540 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/16 14:01:36.0560 3540 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/16 14:01:36.0623 3540 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/16 14:01:36.0685 3540 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/16 14:01:36.0732 3540 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/16 14:01:36.0779 3540 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/16 14:01:36.0857 3540 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/16 14:01:36.0873 3540 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/16 14:01:36.0904 3540 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/16 14:01:36.0951 3540 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/16 14:01:36.0998 3540 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/16 14:01:37.0029 3540 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/16 14:01:37.0060 3540 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/16 14:01:37.0107 3540 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/16 14:01:37.0185 3540 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/16 14:01:37.0232 3540 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/16 14:01:37.0248 3540 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/16 14:01:37.0326 3540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/16 14:01:37.0357 3540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/16 14:01:37.0404 3540 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/16 14:01:37.0451 3540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/16 14:01:37.0466 3540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/16 14:01:37.0498 3540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/16 14:01:37.0513 3540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/16 14:01:37.0544 3540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/16 14:01:37.0576 3540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/16 14:01:37.0607 3540 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/16 14:01:37.0654 3540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/16 14:01:37.0685 3540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/16 14:01:37.0794 3540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/16 14:01:37.0857 3540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/16 14:01:37.0904 3540 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/05/16 14:01:37.0935 3540 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/05/16 14:01:37.0951 3540 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/16 14:01:37.0982 3540 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
2011/05/16 14:01:38.0029 3540 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
2011/05/16 14:01:38.0060 3540 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
2011/05/16 14:01:38.0107 3540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/16 14:01:38.0154 3540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/16 14:01:38.0201 3540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/16 14:01:38.0248 3540 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/16 14:01:38.0294 3540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/16 14:01:38.0357 3540 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/16 14:01:38.0435 3540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/16 14:01:38.0482 3540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/16 14:01:38.0513 3540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/16 14:01:38.0544 3540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/16 14:01:38.0576 3540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/16 14:01:38.0607 3540 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/16 14:01:38.0638 3540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/16 14:01:38.0685 3540 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/16 14:01:38.0701 3540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/16 14:01:38.0732 3540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/16 14:01:38.0779 3540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/16 14:01:38.0826 3540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/16 14:01:38.0857 3540 NetBT (99f7eaa8a6d3ad5e8aaa144d97f02541) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/16 14:01:38.0857 3540 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 99f7eaa8a6d3ad5e8aaa144d97f02541, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/05/16 14:01:38.0857 3540 NetBT - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/16 14:01:38.0919 3540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/16 14:01:38.0951 3540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/16 14:01:38.0998 3540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/16 14:01:39.0154 3540 nv (392ad6a1676fbbc80fa1dad4c9955131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/16 14:01:39.0294 3540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/16 14:01:39.0326 3540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/16 14:01:39.0419 3540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/16 14:01:39.0435 3540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/16 14:01:39.0482 3540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/16 14:01:39.0529 3540 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys
2011/05/16 14:01:39.0607 3540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/16 14:01:39.0654 3540 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/16 14:01:39.0685 3540 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
2011/05/16 14:01:39.0716 3540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/16 14:01:39.0841 3540 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/16 14:01:39.0873 3540 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/16 14:01:39.0951 3540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/16 14:01:39.0966 3540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/16 14:01:40.0013 3540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/16 14:01:40.0060 3540 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/16 14:01:40.0123 3540 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/16 14:01:40.0169 3540 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/16 14:01:40.0216 3540 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/16 14:01:40.0263 3540 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/16 14:01:40.0294 3540 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/16 14:01:40.0341 3540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/16 14:01:40.0357 3540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/16 14:01:40.0388 3540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/16 14:01:40.0404 3540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/16 14:01:40.0451 3540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/16 14:01:40.0482 3540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/16 14:01:40.0544 3540 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/16 14:01:40.0576 3540 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/16 14:01:40.0623 3540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/16 14:01:40.0716 3540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/16 14:01:40.0763 3540 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/16 14:01:40.0779 3540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/16 14:01:40.0810 3540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/16 14:01:40.0888 3540 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/16 14:01:40.0951 3540 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/16 14:01:41.0029 3540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/16 14:01:41.0076 3540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/16 14:01:41.0138 3540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/16 14:01:41.0216 3540 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/16 14:01:41.0279 3540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/16 14:01:41.0294 3540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/16 14:01:41.0341 3540 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/16 14:01:41.0373 3540 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/16 14:01:41.0404 3540 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/16 14:01:41.0435 3540 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/16 14:01:41.0482 3540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/16 14:01:41.0544 3540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/16 14:01:41.0623 3540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/16 14:01:41.0669 3540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/16 14:01:41.0701 3540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/16 14:01:41.0763 3540 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/16 14:01:41.0810 3540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/16 14:01:41.0873 3540 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/16 14:01:41.0951 3540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/16 14:01:42.0029 3540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/16 14:01:42.0044 3540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/16 14:01:42.0076 3540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/16 14:01:42.0107 3540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/16 14:01:42.0138 3540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/16 14:01:42.0169 3540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/16 14:01:42.0201 3540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/16 14:01:42.0216 3540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/16 14:01:42.0263 3540 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/16 14:01:42.0326 3540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/16 14:01:42.0357 3540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/16 14:01:42.0419 3540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/16 14:01:42.0482 3540 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/16 14:01:42.0560 3540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/16 14:01:42.0669 3540 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/16 14:01:42.0716 3540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/16 14:01:42.0810 3540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/16 14:01:42.0841 3540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/16 14:01:42.0998 3540 ================================================================================
2011/05/16 14:01:42.0998 3540 Scan finished
2011/05/16 14:01:42.0998 3540 ================================================================================
2011/05/16 14:01:43.0013 2212 Detected object count: 1
2011/05/16 14:01:55.0748 2212 NetBT (99f7eaa8a6d3ad5e8aaa144d97f02541) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/16 14:01:55.0748 2212 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 99f7eaa8a6d3ad5e8aaa144d97f02541, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/05/16 14:01:57.0216 2212 Backup copy found, using it..
2011/05/16 14:01:57.0216 2212 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/05/16 14:01:57.0216 2212 Rootkit.Win32.TDSS.tdl3(NetBT) - User select action: Cure
2011/05/16 14:02:12.0623 3164 Deinitialize success
  • 0

#8
Essexboy
Posted 16 May 2011 - 01:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That one has now bitten the dust :)

What are your current problems now ?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
Snow1981
Posted 16 May 2011 - 03:16 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Below is the Malwarebytes log. It detected no problems. Computer is working great. I need to check the browser redirects and update windows. It's a good feeling having a computer that works. THANK YOU!!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6593

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 4:13:21 PM
mbam-log-2011-05-16 (16-13-21).txt

Scan type: Quick scan
Objects scanned: 199120
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Essexboy
Posted 16 May 2011 - 03:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you are happy - let me know and I will remove my tools and tidy you up :)
  • 0

Advertisements

#11
Snow1981
Posted 16 May 2011 - 03:44 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I just tried to update windows with three updates and all three failed. One was a security update. I won't be on for the rest of the night but I will try again tomorrow.
  • 0

#12
Essexboy
Posted 17 May 2011 - 10:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sometimes damage is caused by the malware so lets try a repair

OK windows update repair


Go to this page
Run the fixit there (big button about one third the way down) - if the normal run does not cure it then re run and use the aggressive mode
  • 0

#13
Snow1981
Posted 18 May 2011 - 03:36 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Everything is working perfectly.
  • 0

#14
Essexboy
Posted 18 May 2011 - 03:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#15
Snow1981
Posted 19 May 2011 - 02:33 PM

Snow1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ran cleanup in OTL, hid my files, updated Java, and did spring cleaning. Malwarebytes has now found a home on my computer. Everything is running great.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP