My ISP has sent me multiple warnings of a possible BOT on my computer. I also received an online "DNS switching" alert while visiting a frequented and trusted site.
hijack this gave me a message saying that it could not access host files, therefore, a hijacked DNS would not be fixable. Hijackthis then asked me to run as administrator as a workaround, however, this option is not visible regardless of where I attempt to launch the program. This brought me here...my OTL log follows. Thanks for any assistance when you have a chance! Cheers.
OTL logfile created on: 1/27/2012 3:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Media
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 38.58% Memory free
3.99 Gb Paging File | 1.93 Gb Available in Paging File | 48.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.61 Gb Total Space | 70.65 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 1.35 Gb Free Space | 13.27% Space Free | Partition Type: NTFS
Computer Name: MAIN | User Name: Main | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/27 15:46:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Media\OTL.exe
PRC - [2012/01/27 15:33:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Media\HijackThis.exe
PRC - [2012/01/09 12:20:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/12/17 12:15:12 | 004,689,992 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/08/17 14:39:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/05 09:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/20 07:57:27 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\f5efcf0f-4259-4393-8747-e56eea616980.com
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/05 09:39:54 | 000,336,896 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/01/05 09:39:52 | 000,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/11/28 10:27:11 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 14:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/03 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/02 15:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/27 07:58:48 | 000,052,736 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/20 22:00:30 | 000,063,488 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/20 22:00:28 | 000,052,224 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/20 22:00:26 | 000,117,760 | ---- | M] () -- C:\Users\Main\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/11 09:03:08 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\10119412ef1e74d19dd37d159f3e9def\System.WorkflowServices.ni.dll
MOD - [2012/01/11 09:02:50 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e67932bb74fcd05c8a8705c9a706b2e5\System.ServiceModel.Web.ni.dll
MOD - [2012/01/11 09:01:27 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
MOD - [2012/01/11 09:01:24 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
MOD - [2012/01/11 09:00:06 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
MOD - [2012/01/11 09:00:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/09 12:20:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/17 12:15:16 | 000,091,720 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2011/10/13 05:55:29 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 05:55:27 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011/10/13 05:54:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/13 05:54:32 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll
MOD - [2011/10/13 05:54:23 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011/10/13 05:54:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/13 05:54:04 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011/10/13 05:53:29 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll
MOD - [2011/10/13 05:53:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 05:51:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 05:51:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 05:51:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 05:51:11 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/13 05:51:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 05:50:59 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 05:50:44 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 05:50:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 05:50:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 05:49:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/09/13 09:40:16 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/06/12 14:32:16 | 000,104,456 | ---- | M] () -- C:\WINDOWS\System32\EasyHook32.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/11/26 14:47:34 | 000,038,216 | ---- | M] () -- C:\Program Files\Webroot\Washer\Languages\English.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/08/17 14:39:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 15:09:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/05 09:39:52 | 000,052,224 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008/11/28 10:27:11 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/07/06 16:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2006/12/14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/11/02 15:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool)
========== Driver Services (SafeList) ==========
DRV - [2011/12/15 18:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120126.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 08:09:43 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 08:09:42 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/05 07:00:09 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 07:00:09 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/04 05:34:32 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120127.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 05:34:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120127.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/05 09:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/07/03 15:05:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2009/06/19 16:02:54 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/01/05 09:39:52 | 000,103,936 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/24 20:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/05/22 20:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/25 14:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/21 03:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/07/12 05:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2001/04/13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)
DRV - [2000/03/17 09:07:42 | 000,011,136 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Softlok.sys -- (SOFTLOK)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://producer.col...ome/default.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.washingto...ports/redskins"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.9rc4
FF - prefs.js..extensions.enabledItems: [email protected]:0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/27 07:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/27 07:55:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 12:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 16:24:55 | 000,000,000 | ---D | M]
[2008/10/02 11:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Extensions
[2012/01/27 10:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions
[2011/08/25 08:51:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/03 16:20:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/24 08:21:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/14 07:16:05 | 000,000,000 | ---D | M] (Plain Text to Link) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2009/10/31 07:30:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/15 14:12:24 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2011/12/12 18:07:16 | 000,000,000 | ---D | M] (PhZilla) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2010/06/13 10:21:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2011/10/22 07:57:37 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="Matthew David Kesack" em:description="Upload images from the web directly to your Photobucket account." em:homepageURL="http://www.photobucket.com/" em:iconURL="chrome://photobucket/content/images/pb-logo.png" em:id="[email protected]" em:name="Photobucket Uploader" em:version="1.3.3">) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2010/07/15 14:26:29 | 000,000,000 | ---D | M] (Selection Links) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\extensions\[email protected]
[2009/08/01 07:43:29 | 000,002,164 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\bing.xml
[2008/11/24 14:50:50 | 000,000,838 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\conduit.xml
[2009/06/19 16:06:12 | 000,002,399 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\daemon-search.xml
[2009/05/11 14:49:02 | 000,000,961 | ---- | M] () -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\9pt9fy38.default\searchplugins\shareminercom.xml
[2012/01/09 12:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/15 12:56:38 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2012/01/27 07:55:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_4_3
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
() (No name found) -- C:\USERS\MAIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PT9FY38.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/09 12:20:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/08/09 05:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2009/03/04 09:10:01 | 000,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9709A281-0F0B-0EA7-178C-03DEC4FC736B}] C:\Users\Main\AppData\Roaming\firefox.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [Java Platform SE 6 U7] C:\Users\Main\AppData\Roaming\firefox.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\f5efcf0f-4259-4393-8747-e56eea616980.com (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: coloniallife.com ([clamail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([producer] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([services2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coloniallife.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: litorders.com ([colonial] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d12c0e3-2dcd-11de-8e19-001e903de10c}\Shell - "" = AutoRun
O33 - MountPoints2\{7d12c0e3-2dcd-11de-8e19-001e903de10c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ff400a83-5485-11de-8c55-001e903de10c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff400a83-5485-11de-8c55-001e903de10c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/27 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/27 15:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/11 08:34:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 08:34:37 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 08:34:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 08:34:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 08:34:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/06/13 10:12:18 | 008,042,120 | ---- | C] (White Sky, Inc.) -- C:\Program Files\constantguard.exe
[2009/02/22 09:56:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Main\AppData\Roaming\pcouffin.sys
[2007/07/13 13:36:22 | 000,220,184 | ---- | C] ( ) -- C:\Users\Main\AppData\Local\Interop.Microsoft.Office.Core.dll
[2005/12/13 16:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Main\AppData\Local\stdole.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/27 15:36:37 | 000,001,946 | ---- | M] () -- C:\Users\Main\Desktop\HiJackThis.lnk
[2012/01/27 13:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 13:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 10:27:07 | 000,167,936 | ---- | M] () -- C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 07:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 07:55:20 | 2011,615,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 16:57:28 | 000,062,787 | ---- | M] () -- C:\Users\Main\Desktop\lincoln-stretch-limo.jpg
[2012/01/26 08:12:55 | 000,009,768 | ---- | M] () -- C:\Users\Main\Desktop\JWA Logan Dec.pdf
[2012/01/26 08:12:25 | 000,009,584 | ---- | M] () -- C:\Users\Main\Desktop\JWA Jenkins Dec.pdf
[2012/01/26 08:11:54 | 000,009,620 | ---- | M] () -- C:\Users\Main\Desktop\JWA Rogers Dec.pdf
[2012/01/23 13:14:08 | 000,305,017 | ---- | M] () -- C:\Users\Main\Desktop\JWA Donald Rogers.pdf
[2012/01/23 13:13:20 | 000,303,186 | ---- | M] () -- C:\Users\Main\Desktop\JWA Anthony Jenkins.pdf
[2012/01/22 14:37:53 | 000,001,176 | ---- | M] () -- C:\Users\Main\AppData\Roaming\vso_ts_preview.xml
[2012/01/11 08:12:06 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/11 08:12:06 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/06 16:02:44 | 008,345,469 | ---- | M] () -- C:\Users\Main\Desktop\Good Rats - Tasty (probably the Best Song in the world....)-1.flv
[2012/01/06 10:27:54 | 018,598,280 | ---- | M] () -- C:\Users\Main\Desktop\Steve Goodman - Momma Don_t Allow It.flv
[2011/12/29 07:07:58 | 000,000,936 | ---- | M] () -- C:\Users\Main\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/27 15:36:37 | 000,001,946 | ---- | C] () -- C:\Users\Main\Desktop\HiJackThis.lnk
[2012/01/26 16:57:38 | 000,062,787 | ---- | C] () -- C:\Users\Main\Desktop\lincoln-stretch-limo.jpg
[2012/01/26 08:12:55 | 000,009,768 | ---- | C] () -- C:\Users\Main\Desktop\JWA Logan Dec.pdf
[2012/01/26 08:12:25 | 000,009,584 | ---- | C] () -- C:\Users\Main\Desktop\JWA Jenkins Dec.pdf
[2012/01/26 08:11:54 | 000,009,620 | ---- | C] () -- C:\Users\Main\Desktop\JWA Rogers Dec.pdf
[2012/01/23 13:14:08 | 000,305,017 | ---- | C] () -- C:\Users\Main\Desktop\JWA Donald Rogers.pdf
[2012/01/23 13:13:20 | 000,303,186 | ---- | C] () -- C:\Users\Main\Desktop\JWA Anthony Jenkins.pdf
[2012/01/06 16:02:01 | 008,345,469 | ---- | C] () -- C:\Users\Main\Desktop\Good Rats - Tasty (probably the Best Song in the world....)-1.flv
[2012/01/06 10:24:45 | 018,598,280 | ---- | C] () -- C:\Users\Main\Desktop\Steve Goodman - Momma Don_t Allow It.flv
[2011/12/29 07:07:57 | 000,000,936 | ---- | C] () -- C:\Users\Main\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/06/21 14:07:42 | 000,065,536 | ---- | C] () -- C:\Program Files\ice_jniregistry.dll
[2011/05/18 18:43:17 | 000,001,940 | ---- | C] () -- C:\Users\Main\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/14 07:09:56 | 000,001,860 | ---- | C] () -- C:\Program Files\Recipe Keeper Plus 8.2.lnk
[2011/01/24 15:43:06 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2010/07/25 11:50:28 | 000,000,120 | ---- | C] () -- C:\Users\Main\AppData\Roaming\FixVTS.ini
[2010/03/01 10:41:08 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/02 14:23:51 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/09/24 17:35:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 17:35:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 09:49:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/09/15 08:36:59 | 000,023,888 | ---- | C] () -- C:\Users\Main\AppData\Roaming\UserTile.png
[2009/09/15 07:42:08 | 000,191,488 | ---- | C] () -- C:\Windows\System32\ProfMan.dll
[2009/09/08 06:01:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 14:37:56 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/06/12 14:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2009/03/27 15:09:02 | 000,001,652 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/03/27 13:40:18 | 000,000,148 | ---- | C] () -- C:\Users\Main\AppData\Roaming\default.rss
[2009/03/23 17:10:10 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/23 17:10:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/03/23 17:10:04 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/23 17:01:54 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/23 17:01:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/23 15:50:20 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/03/16 15:38:25 | 000,000,062 | ---- | C] () -- C:\Windows\MyProg.ini
[2009/03/11 21:23:14 | 000,000,477 | ---- | C] () -- C:\Program Files\outdated.dat
[2009/03/11 21:23:12 | 001,079,403 | ---- | C] () -- C:\Program Files\JDownloader.jar
[2009/03/11 21:23:12 | 000,034,816 | ---- | C] () -- C:\Program Files\JDownloader.exe
[2009/03/07 10:50:28 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Softlok.sys
[2009/02/22 09:57:39 | 000,001,176 | ---- | C] () -- C:\Users\Main\AppData\Roaming\vso_ts_preview.xml
[2009/02/22 09:56:30 | 000,087,608 | ---- | C] () -- C:\Users\Main\AppData\Roaming\inst.exe
[2009/02/22 09:56:30 | 000,007,887 | ---- | C] () -- C:\Users\Main\AppData\Roaming\pcouffin.cat
[2009/02/22 09:56:30 | 000,001,144 | ---- | C] () -- C:\Users\Main\AppData\Roaming\pcouffin.inf
[2009/02/22 07:39:47 | 000,212,992 | ---- | C] () -- C:\Windows\ALCHUNIN.EXE
[2009/02/20 10:00:46 | 000,000,173 | ---- | C] () -- C:\Windows\SQ.INI
[2009/02/08 14:08:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009/01/29 08:36:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/13 15:00:26 | 000,000,310 | ---- | C] () -- C:\Users\Main\AppData\Roaming\wklnhst.dat
[2008/11/05 16:13:10 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2008/11/04 14:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\MusicStudio.INI
[2008/11/04 14:22:23 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008/11/04 14:21:28 | 000,005,817 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/10/19 07:36:21 | 000,000,022 | ---- | C] () -- C:\Users\Main\AppData\Local\kodakpcd.ini
[2008/10/09 15:21:45 | 000,037,166 | ---- | C] () -- C:\Users\Main\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/10/07 16:25:45 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/10/03 13:12:03 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/02 17:49:16 | 000,167,936 | ---- | C] () -- C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 15:50:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/02 11:50:31 | 000,000,680 | ---- | C] () -- C:\Users\Main\AppData\Local\d3d9caps.dat
[2008/10/02 11:30:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/05 12:46:06 | 000,691,481 | ---- | C] () -- C:\Windows\unins000.exe
[2008/05/05 12:46:06 | 000,001,446 | ---- | C] () -- C:\Windows\unins000.dat
[2008/05/05 12:30:59 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/05/05 12:30:59 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/12/05 03:27:04 | 000,184,320 | ---- | C] () -- C:\Windows\System32\SatSrv.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,438,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/03 00:00:00 | 000,000,202 | ---- | C] () -- C:\Program Files\attr_example.lst
[2001/02/26 13:01:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\msasf.exe
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997/10/06 20:22:28 | 000,033,024 | ---- | C] () -- C:\Program Files\JOIN16.EXE
[1997/10/06 20:15:48 | 000,045,056 | ---- | C] () -- C:\Program Files\Join32.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:5FE21F898D476741
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:C647387D
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:0295CBF7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:526199B2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BFE23423
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B3D74A13
< End of report >