trojan-bnk.win32.keylogger.gen - Windows 7



#1
usenikon

I started getting the pop up from this "trojan-bnk.win32.keylogger.gen" saying computer is infected etc...
Other symptoms:
-Browser redirects
-slowness
-could not run cmd
-could not run regedit

I was able to kill a random 3 letter .exe program that was running through Task Manager and got the pop ups to quit temporarily. I did a system restore and the issue seemed to go away but now the slowness is back and network connectivity is horribly slow.

Can you walk me through getting rid of this?


#2
usenikon

I have run the OTL.exe and below are the otl.txt results:

OTL logfile created on: 12/29/2011 1:35:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Albright\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 55.34% Memory free
7.50 Gb Paging File | 5.73 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 203.66 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive H: | 58.59 Gb Total Space | 57.43 Gb Free Space | 98.02% Space Free | Partition Type: NTFS
Drive P: | 307.62 Gb Total Space | 244.83 Gb Free Space | 79.59% Space Free | Partition Type: NTFS
Drive R: | 97.66 Gb Total Space | 87.70 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive T: | 97.66 Gb Total Space | 93.10 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive Z: | 100.71 Gb Total Space | 100.61 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: MOBILEWS | User Name: Albright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/29 13:34:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Albright\Downloads\OTL.exe
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/01/30 05:39:14 | 000,108,936 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Aec32BitAppServer57.exe
PRC - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/13 16:08:00 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2011/07/12 12:08:13 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/02 13:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/03/29 14:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/08/24 07:45:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/24 09:58:44 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011/09/08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/12 11:40:26 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/27 10:36:22 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/02 13:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 09:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 09:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/03/13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009/03/13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/12/29 09:55:54 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E873293F-3709-4471-B0B6-678DB0092183}\MpKsl825c9e28.sys -- (MpKsl825c9e28)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/07 15:47:48 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/13 07:28:46] [Kernel | Auto | Running] -- c:\Program Files (x86)\Cyberlink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2002/04/15 09:21:10 | 000,030,720 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\GIS\ImportExport\2.0\null.dll -- (Null)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 93 F3 C4 FD 6E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/11 18:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/13 15:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/13 16:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albright\AppData\Roaming\Mozilla\Extensions
[2011/12/13 15:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/03 11:35:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: oppenheimerfunds.com ([www] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 108.85.100.94 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E82EA1-D9E2-446D-AB3F-B29D87931FD1}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D43236C-407E-474B-A1A8-67CD11E00772}: DhcpNameServer = 108.85.100.94 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\jpip - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sidlet - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\Express View\expressview.dll (Lizardtech Software)
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\Express View\expressview.dll (Lizardtech Software)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/15 16:11:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 10:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Printer Uninstaller
[2011/12/29 10:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/12/28 14:39:07 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/12/28 07:18:11 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/28 07:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/12/27 15:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileCenter
[2011/12/27 15:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCenter
[2011/12/27 14:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Color Network ScanGear
[2011/12/27 13:13:44 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\LOG
[2011/12/27 13:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/12/27 13:03:42 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Local\Programs
[2011/12/27 12:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011/12/27 12:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSI
[2011/12/27 07:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/12/20 14:47:22 | 000,000,000 | ---D | C] -- C:\Users\Albright\Documents\Outlook Files
[2011/12/15 07:09:02 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\Trimble Navigation
[2011/12/14 17:09:07 | 000,000,000 | ---D | C] -- C:\Trimble Tutorials
[2011/12/14 17:08:45 | 000,000,000 | ---D | C] -- C:\Trimble Synchronizer Data
[2011/12/14 16:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2011/12/14 16:57:30 | 004,913,608 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\hasplms.exe
[2011/12/14 16:54:59 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\hardlock.sys
[2011/12/14 16:54:59 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\aksusb3.dll
[2011/12/14 16:54:59 | 000,063,488 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\akshhl29.dll
[2011/12/14 16:54:59 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\akshasp.sys
[2011/12/14 16:54:59 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\drivers\aksusb.sys
[2011/12/14 16:54:59 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\SysNative\akshsp51.dll
[2011/12/14 16:54:47 | 000,075,648 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\drivers\aksdf.sys
[2011/12/14 16:54:47 | 000,014,720 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\drivers\aksclass.sys
[2011/12/14 15:43:49 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Local\Trimble
[2011/12/14 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Albright\Documents\Trimble Business Center
[2011/12/14 15:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Trimble
[2011/12/14 15:21:20 | 000,000,000 | ---D | C] -- C:\Trimble Business Center 2.60 Setup
[2011/12/14 15:10:28 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2011/12/14 14:47:02 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\Trimble
[2011/12/14 07:14:52 | 000,000,000 | ---D | C] -- C:\Users\Albright\Desktop\ACCESS
[2011/12/14 07:07:50 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\DAEMON Tools Lite
[2011/12/13 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\Mozilla
[2011/12/13 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Local\Mozilla
[2011/12/13 15:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/13 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Albright\AppData\Roaming\Real
[2011/12/11 13:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\DOSLib 8.6
[2011/12/08 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Albright\Desktop\Survey Codes
[2011/12/08 15:55:37 | 000,000,000 | ---D | C] -- C:\Users\Albright\Desktop\BEACH
[2011/12/08 15:18:47 | 000,000,000 | ---D | C] -- C:\Users\Albright\Desktop\CAD Manual
[2011/12/02 10:51:58 | 004,913,608 | ---- | C] (SafeNet Inc.) -- C:\windows\SysNative\aksllmtp.exe

========== Files - Modified Within 30 Days ==========

[2011/12/29 13:33:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 12:01:16 | 000,000,209 | -H-- | M] () -- C:\Users\Albright\Desktop\Drawing1.dwl2
[2011/12/29 12:01:16 | 000,000,059 | -H-- | M] () -- C:\Users\Albright\Desktop\Drawing1.dwl
[2011/12/29 07:14:12 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 07:14:12 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 07:07:29 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 07:07:13 | 000,000,499 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2011/12/29 07:07:02 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2011/12/29 07:06:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/29 07:06:39 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 14:01:18 | 000,973,922 | ---- | M] () -- C:\Users\Albright\Documents\fletchers.dwg
[2011/12/28 13:57:06 | 000,014,372 | ---- | M] () -- C:\Users\Albright\Desktop\Detail.pdf
[2011/12/28 13:53:54 | 000,010,483 | ---- | M] () -- C:\Users\Albright\Desktop\Overall.pdf
[2011/12/28 08:59:03 | 002,072,576 | ---- | M] () -- C:\Users\Albright\Desktop\Database5.accdb
[2011/12/28 08:58:55 | 002,076,672 | ---- | M] () -- C:\Users\Albright\Documents\Database5.accdb
[2011/12/27 16:04:57 | 002,001,058 | ---- | M] () -- C:\Users\Albright\New Scan_3.pdf
[2011/12/27 16:03:47 | 001,270,618 | ---- | M] () -- C:\Users\Albright\New Scan_2_2.pdf
[2011/12/27 16:02:57 | 000,003,822 | ---- | M] () -- C:\Users\Albright\New Scan_2.pdf
[2011/12/27 16:02:07 | 000,973,858 | ---- | M] () -- C:\Users\Albright\New Scan.pdf
[2011/12/27 07:11:50 | 001,900,544 | ---- | M] () -- C:\Users\Albright\Documents\Database4.accdb
[2011/12/22 16:17:18 | 007,456,995 | ---- | M] () -- C:\Users\Albright\Desktop\11-046-TopoBase_CEC.dwg
[2011/12/22 13:52:56 | 001,998,848 | ---- | M] () -- C:\Users\Albright\Documents\Database3.accdb
[2011/12/22 13:50:44 | 001,658,880 | ---- | M] () -- C:\Users\Albright\Documents\Database2.accdb
[2011/12/21 16:17:44 | 002,056,192 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker6.accdb
[2011/12/21 15:45:31 | 001,998,848 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker5.accdb
[2011/12/19 16:56:46 | 002,928,640 | ---- | M] () -- C:\Users\Albright\Desktop\MEGA.accdb
[2011/12/19 16:38:27 | 001,744,896 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker4.accdb
[2011/12/19 08:21:26 | 000,000,063 | ---- | M] () -- C:\windows\ccolwiz.ini
[2011/12/18 22:15:45 | 001,736,704 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker3.accdb
[2011/12/18 07:18:53 | 000,525,072 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/14 20:13:15 | 002,359,296 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker2.accdb
[2011/12/14 19:58:47 | 002,097,152 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker1.accdb
[2011/12/14 17:07:42 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Trimble Business Center.lnk
[2011/12/14 14:48:54 | 000,000,919 | ---- | M] () -- C:\Users\Albright\Desktop\Windows Mobile Device Center.lnk
[2011/12/14 14:48:00 | 000,889,902 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/14 14:48:00 | 000,203,194 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/14 14:48:00 | 000,006,610 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/14 12:16:12 | 001,736,704 | ---- | M] () -- C:\Users\Albright\Documents\Call Tracker.accdb
[2011/12/14 11:58:51 | 000,006,612 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/14 11:55:38 | 001,320,819 | ---- | M] () -- C:\Users\Albright\Documents\CallTracker.accdt
[2011/12/14 11:47:03 | 001,003,520 | ---- | M] () -- C:\Users\Albright\Documents\Tasks.accdb
[2011/12/13 06:38:22 | 000,000,742 | ---- | M] () -- C:\Users\Albright\Desktop\Projects 2011.lnk
[2011/12/13 06:37:20 | 000,000,663 | ---- | M] () -- C:\Users\Albright\Desktop\Projects.lnk
[2011/12/12 16:49:08 | 001,163,264 | ---- | M] () -- C:\Users\Albright\Documents\Time Tracking.accdb
[2011/12/12 10:33:19 | 000,000,672 | ---- | M] () -- C:\Users\Albright\Desktop\Field Book Entry.MAF
[2011/12/12 10:08:35 | 001,540,096 | ---- | M] () -- C:\Users\Albright\Documents\Database1.accdb
[2011/12/12 08:44:35 | 000,884,736 | ---- | M] () -- C:\Users\Albright\Documents\FieldBook.accdb
[2011/12/12 07:23:37 | 000,000,280 | ---- | M] () -- C:\Users\Albright\Documents\acad.err
[2011/12/11 14:52:15 | 000,737,280 | ---- | M] () -- C:\Users\Albright\Documents\Events.accdb
[2011/12/06 07:32:06 | 000,921,600 | ---- | M] () -- C:\Users\Albright\Documents\Faculty.accdb
[2011/12/06 07:03:54 | 002,936,832 | ---- | M] () -- C:\Users\Albright\Documents\Projects Web Database.accdb
[2011/12/05 14:40:33 | 000,002,382 | ---- | M] () -- C:\Users\Albright\Desktop\MEGA Civil 3D 2012.lnk
[2011/12/02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) -- C:\windows\SysNative\hasplms.exe
[2011/12/02 10:51:58 | 004,913,608 | ---- | M] (SafeNet Inc.) -- C:\windows\SysNative\aksllmtp.exe

========== Files Created - No Company Name ==========

[2011/12/29 12:01:16 | 000,000,209 | -H-- | C] () -- C:\Users\Albright\Desktop\Drawing1.dwl2
[2011/12/29 12:01:16 | 000,000,059 | -H-- | C] () -- C:\Users\Albright\Desktop\Drawing1.dwl
[2011/12/29 11:39:34 | 007,456,995 | ---- | C] () -- C:\Users\Albright\Desktop\11-046-TopoBase_CEC.dwg
[2011/12/28 14:01:18 | 000,973,922 | ---- | C] () -- C:\Users\Albright\Documents\fletchers.dwg
[2011/12/28 13:57:06 | 000,014,372 | ---- | C] () -- C:\Users\Albright\Desktop\Detail.pdf
[2011/12/28 13:53:54 | 000,010,483 | ---- | C] () -- C:\Users\Albright\Desktop\Overall.pdf
[2011/12/28 08:59:02 | 002,072,576 | ---- | C] () -- C:\Users\Albright\Desktop\Database5.accdb
[2011/12/28 07:33:52 | 002,076,672 | ---- | C] () -- C:\Users\Albright\Documents\Database5.accdb
[2011/12/27 16:04:57 | 002,001,058 | ---- | C] () -- C:\Users\Albright\New Scan_3.pdf
[2011/12/27 16:03:47 | 001,270,618 | ---- | C] () -- C:\Users\Albright\New Scan_2_2.pdf
[2011/12/27 16:02:58 | 000,003,822 | ---- | C] () -- C:\Users\Albright\New Scan_2.pdf
[2011/12/27 16:02:07 | 000,973,858 | ---- | C] () -- C:\Users\Albright\New Scan.pdf
[2011/12/27 06:51:45 | 001,900,544 | ---- | C] () -- C:\Users\Albright\Documents\Database4.accdb
[2011/12/22 13:50:48 | 001,998,848 | ---- | C] () -- C:\Users\Albright\Documents\Database3.accdb
[2011/12/22 13:50:01 | 001,658,880 | ---- | C] () -- C:\Users\Albright\Documents\Database2.accdb
[2011/12/21 15:46:05 | 002,056,192 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker6.accdb
[2011/12/21 15:44:44 | 001,998,848 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker5.accdb
[2011/12/19 16:38:27 | 002,928,640 | ---- | C] () -- C:\Users\Albright\Desktop\MEGA.accdb
[2011/12/19 16:37:58 | 001,744,896 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker4.accdb
[2011/12/18 22:14:58 | 001,736,704 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker3.accdb
[2011/12/14 19:59:14 | 002,359,296 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker2.accdb
[2011/12/14 19:57:32 | 002,097,152 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker1.accdb
[2011/12/14 17:07:42 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Trimble Business Center.lnk
[2011/12/14 14:48:54 | 000,000,919 | ---- | C] () -- C:\Users\Albright\Desktop\Windows Mobile Device Center.lnk
[2011/12/14 12:16:04 | 001,736,704 | ---- | C] () -- C:\Users\Albright\Documents\Call Tracker.accdb
[2011/12/14 11:55:38 | 001,320,819 | ---- | C] () -- C:\Users\Albright\Documents\CallTracker.accdt
[2011/12/14 11:46:32 | 001,003,520 | ---- | C] () -- C:\Users\Albright\Documents\Tasks.accdb
[2011/12/13 06:37:39 | 000,000,742 | ---- | C] () -- C:\Users\Albright\Desktop\Projects 2011.lnk
[2011/12/13 06:36:35 | 000,000,663 | ---- | C] () -- C:\Users\Albright\Desktop\Projects.lnk
[2011/12/12 16:45:45 | 001,163,264 | ---- | C] () -- C:\Users\Albright\Documents\Time Tracking.accdb
[2011/12/12 10:33:19 | 000,000,672 | ---- | C] () -- C:\Users\Albright\Desktop\Field Book Entry.MAF
[2011/12/12 08:13:10 | 000,884,736 | ---- | C] () -- C:\Users\Albright\Documents\FieldBook.accdb
[2011/12/12 07:23:11 | 000,000,280 | ---- | C] () -- C:\Users\Albright\Documents\acad.err
[2011/12/11 14:52:52 | 001,540,096 | ---- | C] () -- C:\Users\Albright\Documents\Database1.accdb
[2011/12/11 14:51:14 | 000,737,280 | ---- | C] () -- C:\Users\Albright\Documents\Events.accdb
[2011/12/06 07:03:54 | 000,921,600 | ---- | C] () -- C:\Users\Albright\Documents\Faculty.accdb
[2011/12/06 07:01:41 | 002,936,832 | ---- | C] () -- C:\Users\Albright\Documents\Projects Web Database.accdb
[2011/09/30 06:54:29 | 000,000,899 | ---- | C] () -- C:\windows\TIMEZONE.INI
[2011/09/30 06:53:54 | 000,009,136 | ---- | C] () -- C:\windows\SysWow64\INETWH16.DLL
[2011/08/17 05:44:43 | 000,000,063 | ---- | C] () -- C:\windows\ccolwiz.ini
[2011/05/03 12:01:15 | 000,006,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/03 11:25:37 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/05/03 11:25:37 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/05/03 11:25:37 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/05/03 11:25:37 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/05/03 11:25:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/03/01 14:53:51 | 000,000,000 | ---- | C] () -- C:\windows\mtstack16.INI
[2011/01/12 01:29:30 | 000,041,472 | ---- | C] () -- C:\windows\SysWow64\TCC Explorer.exe
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2010/11/02 13:41:43 | 000,000,038 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/09/21 13:34:52 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2010/06/30 16:37:20 | 000,204,800 | ---- | C] () -- C:\windows\SysWow64\lpng.dll
[2010/05/13 10:01:45 | 000,000,481 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/05/13 09:48:14 | 000,001,561 | ---- | C] () -- C:\windows\WPatchProgress.ini
[2009/08/15 02:35:10 | 000,872,448 | ---- | C] () -- C:\windows\iconv.dll
[2009/08/15 02:35:10 | 000,743,424 | ---- | C] () -- C:\windows\libxml2.dll
[2009/08/15 02:35:08 | 000,000,189 | ---- | C] () -- C:\windows\Prelaunch.ini
[2009/08/15 02:35:08 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2009/08/15 02:35:08 | 000,000,119 | ---- | C] () -- C:\windows\WisLangCode.ini
[2009/08/15 01:42:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2000/10/25 17:15:00 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\Implode.dll

========== LOP Check ==========

[2011/09/14 07:50:43 | 000,000,000 | ---D | M] -- C:\Users\Albright\AppData\Roaming\Autodesk
[2011/09/09 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\Albright\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/14 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Albright\AppData\Roaming\DAEMON Tools Lite
[2011/12/14 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\Albright\AppData\Roaming\Trimble
[2011/12/15 07:09:02 | 000,000,000 | ---D | M] -- C:\Users\Albright\AppData\Roaming\Trimble Navigation
[2011/07/11 18:52:43 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >