[code] OTScanIt2 logfile created on: 12/12/2008 11:23:40 AM - Run 1 OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\bob thomas\Desktop\OTScanIt2 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.71% Memory free 3.84 Gb Paging File | 3.42 Gb Available in Paging File | 89.01% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.75 Gb Total Space | 65.53 Gb Free Space | 45.58% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BOB Current User Name: bob thomas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 90 Days [Processes - Safe List] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) avgam.exe -> %ProgramFiles%\AVG\AVG8\avgam.exe -> [2008/12/10 22:35:23 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/12/10 22:35:23 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2008/12/10 22:35:26 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) 
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/12/10 22:35:26 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2008/12/10 22:42:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/12/10 22:35:22 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> [2005/12/19 13:08:40 | 01,200,128 | ---- | M] (Dell Inc.) dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 00:06:00 | 00,024,576 | ---- | M] (BVRP Software) dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/26 23:02:00 | 00,086,016 | ---- | M] () dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> [2006/08/28 19:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2006/11/28 07:25:00 | 00,236,544 | ---- | M] (Google) googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> [2006/11/28 07:25:00 | 00,785,920 | ---- | M] (Google) hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/12/13 07:41:08 | 00,077,824 | ---- | M] (Intel Corporation) hotsync.exe -> %ProgramFiles%\Palm\HOTSYNC.EXE -> [2003/03/17 17:50:26 | 00,299,008 | ---- | M] (Palm, Inc.) igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/12/13 07:45:00 | 00,118,784 | ---- | M] (Intel Corporation) igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/12/13 07:41:00 | 00,159,744 | ---- | M] (Intel Corporation) isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> [2006/11/09 15:07:30 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) 
lxdiamon.exe -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdiamon.exe -> [2007/03/05 04:40:25 | 00,020,480 | ---- | M] (Lexmark) lxdicoms.exe -> %SystemRoot%\system32\lxdicoms.exe -> [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe -> [2003/09/10 00:24:00 | 00,020,480 | ---- | M] () otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools) pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> [2007/05/02 17:16:54 | 00,184,320 | ---- | M] (CyberLink Corp.) pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2007/03/12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2007/03/12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2006/08/03 16:51:42 | 01,032,192 | ---- | M] (Dell Inc) realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2007/09/16 16:58:54 | 00,185,632 | ---- | M] (RealNetworks, Inc.) sqlmangr.exe -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 20:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2005/05/03 22:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) stsystra.exe -> %SystemRoot%\stsystra.exe -> [2006/03/24 21:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) 
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/03/16 22:15:35 | 01,251,720 | ---- | M] () syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 16:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/05 23:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> [2005/12/19 13:08:42 | 01,347,584 | ---- | M] (Dell Inc.) wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2005/12/19 13:08:42 | 00,018,944 | ---- | M] () wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) zunebusenum.exe -> %SystemRoot%\system32\ZuneBusEnum.exe -> [2008/01/11 17:54:42 | 00,061,856 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/12/10 22:35:23 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/12/10 22:35:22 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) 
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopManager.exe -> [2006/11/28 07:25:00 | 00,086,528 | ---- | M] (Google) (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/02/24 14:43:43 | 00,138,168 | ---- | M] (Google) (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2007/03/12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) (lxdiCATSCustConnectService) lxdiCATSCustConnectService [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxdiserv.exe -> [2007/04/26 07:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) 
(lxdi_device) lxdi_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxdicoms.exe -> [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( ) (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) (MSSQL$MICROSOFTSMLBIZ) MSSQL$MICROSOFTSMLBIZ [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2005/05/03 22:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) (MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2005/05/03 20:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) (QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> [2006/09/16 21:08:00 | 00,071,184 | ---- | M] (Intuit Inc.) 
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> [2007/07/24 04:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) (Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> [2007/07/24 04:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) (RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> [2007/08/16 07:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/08/16 07:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) (RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2007/08/16 07:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) (SQLAgent$MICROSOFTSMLBIZ) SQLAgent$MICROSOFTSMLBIZ [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -> [2005/05/03 19:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/03/16 22:15:35 | 01,251,720 | ---- | M] () (wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2005/12/19 13:08:42 | 00,018,944 | ---- | M] () (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) (ZuneBusEnum) Zune Bus Enumerator [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZuneBusEnum.exe -> [2008/01/11 17:54:42 | 00,061,856 | ---- | M] (Microsoft Corporation) (ZuneNetworkSvc) Zune Network 
Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Zune\ZuneNss.exe -> [2008/01/11 17:55:38 | 02,138,528 | ---- | M] (Microsoft Corporation) (ZuneWlanCfgSvc) Zune Wireless Configuration Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ZuneWlanCfgSvc.exe -> [2008/01/11 17:54:58 | 00,245,664 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) (APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/12/10 22:35:40 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/12/10 22:35:38 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\avgrkx86.sys -> [2008/12/10 22:35:41 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) 
(AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/12/10 22:35:40 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) (BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2005/11/02 17:24:34 | 00,424,320 | ---- | M] (Broadcom Corporation) (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2006/08/25 05:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 01:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 00:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) (DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> [2006/01/10 09:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) 
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2007/02/06 01:00:00 | 00,383,800 | ---- | M] (Symantec Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> [2005/12/01 05:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> [2005/12/01 05:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2005/12/13 08:09:34 | 01,364,574 | ---- | M] (Intel Corporation) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant) (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 14:46:00 | 00,017,153 | ---- | M] (Dell Inc) (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2003/03/17 17:50:46 | 00,016,509 | ---- | M] (Palm, Inc.) 
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/05/01 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> [2005/07/14 21:58:14 | 00,028,544 | ---- | M] (REDC) (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> [2005/07/12 22:00:30 | 00,051,328 | ---- | M] (REDC) (RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RimUsb.sys -> [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) (RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RimSerial.sys -> [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) (rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> [2005/07/14 20:28:38 | 00,307,968 | ---- | M] (REDC) (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004/08/04 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) (sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 10:36:44 | 
00,079,232 | ---- | M] (Microsoft Corporation) (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 10:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) (sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 10:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 09:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 09:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/03/24 21:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) 
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/11/28 07:22:44 | 00,010,344 | ---- | M] (Symantec Corporation) (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/08 16:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) (tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/05 23:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/05 23:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/05 23:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/05 23:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/05 23:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/05 23:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/05 23:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) (tfsnudf) tfsnudf [File_System | Auto | Running] -> 
%SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/05 23:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/05 23:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) (Wdf01000) Wdf01000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/01 05:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) (WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/13 10:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 03:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) (zumbus) Zune Bus Enumerator Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\zumbus.sys -> [2008/01/11 17:39:34 | 00,040,832 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.dell.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.dell.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us -> HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.coaxis-asp.net/ -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.) HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\bob thomas\Application Data\Mozilla\FireFox\Profiles\ejk4kbdv.default\prefs.js -> browser.startup.homepage -> "http://www.kineticdiecasting.com" -> browser.startup.homepage_override.mstone -> "rv:1.8.1.18" -> < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.) 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008/12/10 22:35:26 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> [2004/05/12 01:03:00 | 00,744,960 | ---- | M] (Safer Networking Limited) {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2004/12/05 23:05:00 | 00,118,842 | ---- | M] (Sonic Solutions) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> [2006/11/09 15:21:52 | 00,440,056 | ---- | M] (Sun Microsystems, Inc.) {8041E642-8CFC-4720-BC9D-D2DB8904286F} [HKLM] -> %ProgramFiles%\QdrDrive\QdrDrive12.dll [BndFibu7 IE Helper] -> File not found {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/12/10 22:35:30 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.) {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/17 09:46:38 | 00,098,304 | ---- | M] (Dell Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.) 
"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/12/10 22:35:30 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.) WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 23:55:32 | 02,403,392 | R--- | M] (Google Inc.) WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.) 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"Adobe Photo Downloader" -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/12/10 22:42:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2005/12/19 13:08:42 | 01,347,584 | ---- | M] (Dell Inc.)
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2006/08/03 16:51:42 | 01,032,192 | ---- | M] (Dell Inc)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/05 23:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/01/26 23:02:00 | 00,086,016 | ---- | M] ()
"FaxCenterServer" -> ["C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s] -> File not found
"Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/12/13 07:41:08 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/12/13 07:45:00 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/12/13 07:44:18 | 00,098,304 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2006/09/11 03:40:34 | 00,086,960 | ---- | M] (Macrovision Corporation)
"lxdiamon" -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdiamon.exe ["C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"] -> [2007/03/05 04:40:25 | 00,020,480 | ---- | M] (Lexmark)
"lxdimon.exe" -> %ProgramFiles%\Lexmark 3500-4500 Series\lxdimon.exe ["C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"] -> [2007/05/07 10:07:08 | 00,435,120 | ---- | M] ()
"PCMService" -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/05/02 17:16:54 | 00,184,320 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/11/28 07:19:51 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"RoxWatchTray" -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2007/08/16 07:56:14 | 00,236,016 | ---- | M] (Sonic Solutions)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2006/03/24 21:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe ["C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"] -> [2006/11/09 15:07:30 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"Symantec PIF AlertEng" -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> [2007/03/12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 16:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2007/09/16 16:58:54 | 00,185,632 | ---- | M] (RealNetworks, Inc.)
"vdrdpup" -> %SystemRoot%\system32\vdrdpup.dll [C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\vdrdpup.dll,RegisterVirtualChannel] -> [2006/03/17 10:37:26 | 00,094,208 | ---- | M] (Emergent OnLine)
"Zune Launcher" -> %ProgramFiles%\Zune\ZuneLauncher.exe ["c:\Program Files\Zune\ZuneLauncher.exe"] -> [2008/01/11 17:54:52 | 00,166,304 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DellSupport" -> ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> File not found
"ISUSPM" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation)
"ModemOnHold" -> %ProgramFiles%\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> [2003/09/10 00:24:00 | 00,020,480 | ---- | M] ()
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Desktop Manager.lnk -> %ProgramFiles%\Research In Motion\BlackBerry\DesktopMgr.exe -> [2007/08/17 08:14:08 | 01,447,184 | ---- | M] (Research In Motion Limited)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 00:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2006/09/19 10:36:08 | 00,960,032 | ---- | M] (Intuit Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Service Manager.lnk -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 20:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation)
< bob thomas Startup Folder > -> C:\Documents and Settings\bob thomas\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Desktop Manager.lnk -> %ProgramFiles%\Research In Motion\BlackBerry\DesktopMgr.exe -> [2007/08/17 08:14:08 | 01,447,184 | ---- | M] (Research In Motion Limited)
%UserProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\Palm\HOTSYNC.EXE -> [2003/03/17 17:50:26 | 00,299,008 | ---- | M] (Palm, Inc.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableTaskMgr" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2005/05/26 23:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Menu: Sun Java Console] -> [2006/11/09 15:21:53 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 20:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> [2006/11/09 15:21:53 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 20:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{240EEE8D-91DB-4D74-A87E-671026601333} [HKLM] -> https://www.coaxis-asp.net/eolupcli.cab[EOLUP.Version] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{7584C670-2274-4EFB-B00B-D6AABA6D3850} [HKLM] -> https://www.coaxis-asp.net/msrdp.cab[Microsoft RDP Client Control (redist)] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{24F34B25-7F54-44F1-AAD5-BC03F49F7FC1} -> (Dell Wireless 1390 WLAN Mini-Card) ->
{4A6E9025-32BC-4F72-9C9A-FA039BA5609A} -> (1394 Net Adapter) ->
{63115C0A-E209-4B5A-A86B-BDC0769442EB} -> (Broadcom 440x 10/100 Integrated Controller) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2006/11/28 07:25:00 | 00,164,864 | ---- | M] (Google)
avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %SystemRoot%\system32\avgrsstx.dll -> [2008/12/10 22:35:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\mgmrwmrv.exe -> %SystemRoot%\system32\mgmrwmrv.exe -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
-> -> File not found
C:\WINDOWS\system32\mgmrwmrv.exe -> %SystemRoot%\system32\mgmrwmrv.exe -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/12/13 07:40:12 | 00,139,264 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" -> C:\Program Files\Lexmark 3500-4500 Series\App4R.exe [C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/07 10:07:22 | 00,029,616 | ---- | M] ()
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\bob thomas\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe" -> C:\Documents and Settings\bob thomas\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe [C:\Documents and Settings\bob thomas\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:*:Enabled: ] -> File not found
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" -> C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe [C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader] -> [2007/02/05 23:07:14 | 01,171,456 | ---- | M] (ABBYY (BIT Software))
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\AVG\AVG8\avgam.exe" -> C:\Program Files\AVG\AVG8\avgam.exe [C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe] -> [2008/12/10 22:35:23 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/12/10 22:35:23 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2008/12/10 22:35:26 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/12/10 22:35:25 | 00,652,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Dell\MediaDirect\PCMService.exe" -> C:\Program Files\Dell\MediaDirect\PCMService.exe [C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> [2007/05/02 17:16:54 | 00,184,320 | ---- | M] (CyberLink Corp.)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager] -> [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\Lexmark 3500-4500 Series\App4r.exe" -> C:\Program Files\Lexmark 3500-4500 Series\App4R.exe [C:\Program Files\Lexmark 3500-4500 Series\App4r.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/07 10:07:22 | 00,029,616 | ---- | M] ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" -> C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor] -> [2007/03/05 04:40:25 | 00,020,480 | ---- | M] (Lexmark)
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" -> C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor] -> [2007/05/07 10:07:08 | 00,435,120 | ---- | M] ()
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" -> C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe [C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software] -> [2007/05/07 10:10:20 | 00,717,744 | ---- | M] ()
"C:\WINDOWS\system32\lxdicfg.exe" -> C:\WINDOWS\system32\lxdicfg.exe [C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:Printer Communication System] -> [2007/04/26 07:38:36 | 00,340,912 | ---- | M] ( )
"C:\WINDOWS\system32\lxdicoms.exe" -> C:\WINDOWS\system32\lxdicoms.exe [C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System] -> [2007/04/26 07:38:38 | 00,517,040 | ---- | M] ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface] -> [2007/04/26 07:38:47 | 00,398,256 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface] -> [2007/04/26 07:38:45 | 00,291,760 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable] -> [2007/04/26 07:38:31 | 00,082,864 | ---- | M] (Lexmark International, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 10:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 11:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2007/05/10 22:54:08 | 00,372,736 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 16:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 03:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2008/04/13 16:12:27 | 00,029,184 | ---- | M] (Microsoft Corporation)
.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/11/14 17:32:02 | 07,676,528 | ---- | M] (Mozilla Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 16:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 16:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 16:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 16:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/04/13 16:12:41 | 00,155,648 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found
HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
Wmi -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value does not exist or could not be read.] -> [2003/07/14 20:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ic32pp:{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} [HKLM] -> %SystemRoot%\wc98pp.dll[Reg Error: Value does not exist or could not be read.] -> File not found
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 00:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> [2008/12/10 22:35:30 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 00:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 00:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 16:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2005/04/25 11:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2008/04/13 16:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 16:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %SystemRoot%\system32 -> [2008/12/12 00:20:42 | 00,000,000 | ---D | M]
%SystemRoot% -> %SystemRoot% -> [2008/12/12 07:34:53 | 00,000,000 | ---D | M]
%SystemRoot%\System32\Wbem -> %SystemRoot%\system32\wbem -> [2008/12/11 22:50:56 | 00,000,000 | ---D | M]
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn -> [2006/11/28 07:32:12 | 00,000,000 | ---D | M]
C:\Program Files\Common Files\Roxio Shared\DLLShared\ -> %CommonProgramFiles%\Roxio Shared\DLLShared -> [2008/08/17 13:19:39 | 00,000,000 | ---D | M]
C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ -> %CommonProgramFiles%\Roxio Shared\9.0\DLLShared -> [2008/08/17 13:16:14 | 00,000,000 | ---D | M]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/13 16:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/13 16:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2008/12/12 00:20:42 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 04:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/13 16:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/13 16:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 03:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/13 16:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/13 16:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/13 16:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/13 16:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 03:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 03:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/13 16:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2008/04/13 16:12:08 | 00,037,888 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/10/15 17:00:11 | 00,619,520 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/13 16:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2008/04/13 16:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/10/15 17:00:11 | 00,666,112 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/13 16:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2008/08/17 13:26:49 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2008/12/12 00:20:43 | 00,000,000 | R--D | M]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 8/30/2008 2:13:31 AM Computer Name = BOB | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Application [ Error ] 8/30/2008 2:13:31 AM Computer Name = BOB | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 8/30/2008 2:13:37 AM Computer Name = BOB | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Application [ Error ] 12/7/2008 12:43:36 AM Computer Name = BOB | Source = Microsoft Office 11 | ID = 1000 -> Description = Faulting application winword.exe, version 11.0.6568.0, stamp 42e178a5, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00000000.
Application [ Error ] 12/9/2008 3:01:51 AM Computer Name = BOB | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20081.2918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/11/2008 3:10:02 AM Computer Name = BOB | Source = Application Hang | ID = 1002 -> Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/12/2008 3:04:26 AM Computer Name = BOB | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20081.2918, faulting module unknown, version 0.0.0.0, fault address 0x0000010c.
Application [ Error ] 12/12/2008 2:55:32 PM Computer Name = BOB | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20081.2918, faulting module unknown, version 0.0.0.0, fault address 0x0000010e.
Application [ Error ] 12/12/2008 2:55:47 PM Computer Name = BOB | Source = Application Error | ID = 1001 -> Description = Fault bucket 1010862393. Application [ Error ] 12/12/2008 3:01:04 PM Computer Name = BOB | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20081.2918, faulting module , version 0.0.0.0, fault address 0x00000000. System [ Error ] 12/12/2008 4:24:13 AM Computer Name = BOB | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect. System [ Error ] 12/12/2008 4:24:13 AM Computer Name = BOB | Source = Service Control Manager | ID = 7000 -> Description = The lxdiCATSCustConnectService service failed to start due to the following error: %%1053 System [ Error ] 12/12/2008 4:24:20 AM Computer Name = BOB | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.103 for the Network Card with network address 0018F3D66696 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 12/12/2008 4:24:53 AM Computer Name = BOB | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.15.101 for the Network Card with network address 0018F3D66696 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). System [ Error ] 12/12/2008 7:00:13 AM Computer Name = BOB | Source = MRxSmb | ID = 8003 -> Description = The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24F34B25-7F54-44F1-. The master browser is stopping or an election is being forced. 
System [ Error ] 12/12/2008 7:00:40 AM Computer Name = BOB | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.103 for the Network Card with network address 0018F3D66696 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 12/12/2008 11:35:00 AM Computer Name = BOB | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect. System [ Error ] 12/12/2008 11:35:00 AM Computer Name = BOB | Source = Service Control Manager | ID = 7000 -> Description = The lxdiCATSCustConnectService service failed to start due to the following error: %%1053 System [ Error ] 12/12/2008 11:35:41 AM Computer Name = BOB | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.15.101 for the Network Card with network address 0018F3D66696 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). System [ Error ] 12/12/2008 1:01:06 PM Computer Name = BOB | Source = Tcpip | ID = 4199 -> Description = The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00:19:DB:04:E4:43. Network operations on this system may be disrupted as a result. [Files/Folders - Created Within 90 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/12 11:12:38 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/12 11:10:46 | 00,647,677 | ---- | C] () GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2008/12/12 10:27:29 | 00,090,112 | ---- | C] () HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2008/12/12 08:48:23 | 00,401,720 | ---- | C] (Trend Micro Inc.) 
Tools -> %UserProfile%\Desktop\Tools -> [2008/12/12 00:14:26 | 00,000,000 | ---D | C] Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/12 00:11:17 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/12 00:11:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/12 00:11:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/12 00:11:12 | 00,000,000 | ---D | C] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/12 00:11:12 | 00,000,000 | ---D | C] ERDNT -> %SystemRoot%\ERDNT -> [2008/12/12 00:08:01 | 00,000,000 | ---D | C] ERUNT -> %ProgramFiles%\ERUNT -> [2008/12/12 00:07:13 | 00,000,000 | ---D | C] Prefetch -> %SystemRoot%\Prefetch -> [2008/12/11 22:51:28 | 00,000,000 | ---D | C] scripting -> %SystemRoot%\System32\scripting -> [2008/12/11 22:42:22 | 00,000,000 | ---D | C] l2schemas -> %SystemRoot%\l2schemas -> [2008/12/11 22:42:22 | 00,000,000 | ---D | C] en-us -> %SystemRoot%\System32\en-us -> [2008/12/11 22:42:22 | 00,000,000 | ---D | C] en -> %SystemRoot%\System32\en -> [2008/12/11 22:42:21 | 00,000,000 | ---D | C] bits -> %SystemRoot%\System32\bits -> [2008/12/11 22:42:21 | 00,000,000 | ---D | C] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/12/11 22:39:38 | 00,000,000 | ---D | C] network diagnostic -> %SystemRoot%\network diagnostic -> [2008/12/11 22:36:54 | 00,000,000 | ---D | C] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/12/11 22:32:54 | 00,000,000 | -H-D | C] EHome -> %SystemRoot%\EHome -> [2008/12/11 22:32:53 | 00,000,000 | ---D | C] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2008/12/10 23:46:23 | 00,000,000 | -H-D | C] avgrkx86.sys -> %SystemRoot%\System32\drivers\avgrkx86.sys -> [2008/12/10 22:35:41 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) 
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2008/12/10 22:35:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008/12/10 22:35:40 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2008/12/10 22:35:40 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008/12/10 22:35:31 | 30,697,890 | ---- | C] () avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008/12/10 22:35:31 | 06,061,540 | ---- | C] () miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008/12/10 22:35:31 | 00,334,743 | ---- | C] () microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008/12/10 22:35:31 | 00,089,309 | ---- | C] () AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [2008/12/10 22:35:31 | 00,000,000 | ---D | C] Avg -> %SystemRoot%\System32\drivers\Avg -> [2008/12/10 22:35:31 | 00,000,000 | ---D | C] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2008/12/10 22:35:21 | 00,000,000 | ---D | C] AVG -> %ProgramFiles%\AVG -> [2008/12/10 22:35:21 | 00,000,000 | ---D | C] 40 Die Casting Part Articles -> %UserProfile%\Desktop\40 Die Casting Part Articles -> [2008/12/08 21:27:24 | 00,000,000 | ---D | C] Gingerbread and Family Pics 197.JPG -> %UserProfile%\Desktop\Gingerbread and Family Pics 197.JPG -> [2008/12/04 13:07:54 | 00,016,944 | ---- | C] () Gingerbread and Family Pics 209.JPG -> %UserProfile%\Desktop\Gingerbread and Family Pics 209.JPG -> [2008/12/04 12:45:35 | 00,022,168 | ---- | C] () Due Diligence checklist bt.xls -> %UserProfile%\My Documents\Due Diligence checklist bt.xls -> [2008/11/20 10:46:01 | 00,020,992 | ---- | C] () chores2.xls -> %UserProfile%\My Documents\chores2.xls -> [2008/11/15 21:19:14 | 00,019,968 | ---- | C] () mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 21:03:58 | 00,455,296 | ---- | C] (Microsoft 
Corporation) Speed Golfing.pdf -> %UserProfile%\My Documents\Speed Golfing.pdf -> [2008/11/09 09:13:30 | 01,112,705 | ---- | C] () netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/23 18:10:14 | 00,337,408 | ---- | C] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 04:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation) QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/10/14 20:24:30 | 00,054,156 | -H-- | C] () QTFont.for -> %SystemRoot%\QTFont.for -> [2008/10/14 20:24:30 | 00,001,409 | ---- | C] () srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 15:24:11 | 00,333,824 | ---- | C] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 15:24:07 | 01,846,400 | ---- | C] (Microsoft Corporation) ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 15:24:02 | 02,145,280 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 15:24:00 | 02,189,184 | ---- | C] (Microsoft Corporation) ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 15:23:58 | 02,023,936 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 15:23:56 | 02,066,048 | ---- | C] (Microsoft Corporation) Delmar pc -> %UserProfile%\Desktop\Delmar pc -> [2008/10/08 18:50:00 | 00,000,000 | ---D | C] U3 -> %AppData%\U3 -> [2008/10/08 18:28:17 | 00,000,000 | ---D | C] msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) 07 Personal Tax Return -> %UserProfile%\My Documents\07 Personal Tax Return -> [2008/09/29 06:38:04 | 00,000,000 | ---D | C] New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2008/09/28 14:28:52 | 00,026,112 | ---- | C] () [Files/Folders - Modified Within 90 Days] 1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/11/28 07:25:00 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/11 23:03:21 | 00,005,391 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/11 23:03:21 | 00,004,232 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2006/12/04 23:03:40 | 00,000,000 | ---D | M] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/12/04 23:04:04 | 00,011,076 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting -> [2006/11/28 07:31:49 | 00,000,000 | ---D | M] GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [2005/09/16 09:05:20 | 00,101,321 | ---- | M] () pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\pa.dat -> [2005/09/16 09:05:20 | 00,000,000 | ---- | M] () C:\Documents and Settings\bob thomas\Local Settings\Temp\ -> C:\Documents and Settings\bob thomas\Local Settings\Temp -> [2008/12/12 11:12:57 | 00,000,000 | ---D | M] ycomp_setup.exe -> C:\Documents and Settings\bob thomas\Local Settings\Temp\ycomp_setup.exe -> [2007/01/09 15:09:00 | 01,636,376 | ---- | M] () 15 C:\Documents and Settings\bob thomas\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\bob thomas\Local Settings\Temp\*.tmp -> C:\Documents and 
Settings\bob thomas\Local Settings\Temp\ -> C:\Documents and Settings\bob thomas\Local Settings\Temp -> [2008/12/12 11:12:57 | 00,000,000 | ---D | M] uninst.dll -> C:\Documents and Settings\bob thomas\Local Settings\Temp\uninst.dll -> [2004/09/01 10:56:56 | 00,114,688 | ---- | M] () 15 C:\Documents and Settings\bob thomas\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\bob thomas\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/12 11:25:45 | 00,000,000 | ---D | M] Perflib_Perfdata_b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat -> [2008/12/12 07:33:49 | 00,016,384 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/12 11:10:43 | 00,647,677 | ---- | M] () GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2008/12/12 10:26:59 | 00,090,112 | ---- | M] () HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2008/12/12 08:48:24 | 00,401,720 | ---- | M] (Trend Micro Inc.) pool.bin -> %SystemRoot%\System32\pool.bin -> [2008/12/12 07:35:59 | 00,000,256 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/12 07:35:52 | 00,002,206 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/12 07:33:37 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/12 07:33:22 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/12 07:33:13 | 21,374,56640 | -HS- | M] () incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008/12/12 06:43:36 | 30,697,890 | ---- | M] () kk.ini -> %SystemRoot%\kk.ini -> [2008/12/12 00:53:49 | 00,000,599 | ---- | M] () GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/12/12 00:03:41 | 00,333,048 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/12/11 23:22:34 | 00,510,270 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/12/11 23:22:34 | 00,428,972 | ---- | M] () perfc009.dat 
-> %SystemRoot%\System32\perfc009.dat -> [2008/12/11 23:22:34 | 00,073,198 | ---- | M] () desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2008/12/11 22:53:30 | 00,000,081 | -HS- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/12/11 22:51:02 | 00,957,936 | ---- | M] () ntldr -> %SystemDrive%\ntldr -> [2008/12/11 22:36:31 | 00,250,048 | RHS- | M] () microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008/12/11 21:41:57 | 00,089,309 | ---- | M] () miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008/12/10 22:42:23 | 00,334,743 | ---- | M] () avgrkx86.sys -> %SystemRoot%\System32\drivers\avgrkx86.sys -> [2008/12/10 22:35:41 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2008/12/10 22:35:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008/12/10 22:35:40 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2008/12/10 22:35:40 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008/12/10 22:35:38 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) 
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008/12/10 22:35:31 | 06,061,540 | ---- | M] () Gingerbread and Family Pics 197.JPG -> %UserProfile%\Desktop\Gingerbread and Family Pics 197.JPG -> [2008/12/04 13:07:54 | 00,016,944 | ---- | M] () Gingerbread and Family Pics 209.JPG -> %UserProfile%\Desktop\Gingerbread and Family Pics 209.JPG -> [2008/12/04 12:45:39 | 00,022,168 | ---- | M] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:58:36 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:58:32 | 00,015,504 | ---- | M] (Malwarebytes Corporation) MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/02 13:26:30 | 17,593,280 | ---- | M] (Microsoft Corporation) DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/26 09:27:20 | 00,008,192 | ---- | M] () Due Diligence checklist bt.xls -> %UserProfile%\My Documents\Due Diligence checklist bt.xls -> [2008/11/20 15:57:38 | 00,020,992 | ---- | M] () chores2.xls -> %UserProfile%\My Documents\chores2.xls -> [2008/11/15 21:21:52 | 00,019,968 | ---- | M] () Speed Golfing.pdf -> %UserProfile%\My Documents\Speed Golfing.pdf -> [2008/11/09 09:13:30 | 01,112,705 | ---- | M] () New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2008/10/29 08:20:01 | 00,026,112 | ---- | M] () mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008/10/23 04:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 04:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) wuaueng.dll -> 
%SystemRoot%\System32\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) wups.dll -> 
%SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/10/15 17:00:11 | 03,067,904 | ---- | M] (Microsoft Corporation) mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/10/15 17:00:11 | 03,067,904 | ---- | M] (Microsoft Corporation) wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/10/15 17:00:11 | 00,666,112 | ---- | M] (Microsoft Corporation) wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/10/15 17:00:11 | 00,666,112 | ---- | M] (Microsoft Corporation) urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/10/15 17:00:11 | 00,619,520 | ---- | M] (Microsoft Corporation) urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/10/15 17:00:11 | 00,619,520 | ---- | M] (Microsoft Corporation) shdocvw.dll -> %SystemRoot%\System32\shdocvw.dll -> [2008/10/15 17:00:10 | 01,499,136 | ---- | M] (Microsoft Corporation) shdocvw.dll -> %SystemRoot%\System32\dllcache\shdocvw.dll -> [2008/10/15 17:00:10 | 01,499,136 | ---- | M] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 08:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/10/14 20:24:30 | 00,054,156 | -H-- | M] () QTFont.for -> 
%SystemRoot%\QTFont.for -> [2008/10/14 20:24:30 | 00,001,409 | ---- | M] () strmdll.dll -> %SystemRoot%\System32\strmdll.dll -> [2008/10/03 02:02:42 | 00,247,326 | ---- | M] (Microsoft Corporation) strmdll.dll -> %SystemRoot%\System32\dllcache\strmdll.dll -> [2008/10/03 02:02:42 | 00,247,326 | ---- | M] (Microsoft Corporation) msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 04:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 04:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) [File - Lop Check] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/12 00:11:12 | 00,000,000 | RH-D | M] Broderbund Software -> C:\Documents and Settings\All Users\Application Data\Broderbund Software -> [2007/05/25 19:35:12 | 00,000,000 | ---D | M] COMMON FILES -> C:\Documents and Settings\All Users\Application Data\COMMON FILES -> [2007/03/06 19:12:15 | 00,000,000 | ---D | M] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/11/28 07:27:17 | 00,000,000 | ---D | M] Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2008/01/26 00:17:48 | 00,000,000 | ---D | M] FaxCtr -> C:\Documents and Settings\All Users\Application Data\FaxCtr -> [2008/01/12 14:57:36 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2007/03/06 19:15:02 | 00,000,000 | ---D | M] Roxio -> C:\Documents and Settings\All Users\Application Data\Roxio -> [2008/08/17 13:15:14 | 00,000,000 | ---D | M] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/10 11:13:06 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2006/11/28 07:19:52 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\bob 
thomas\Application Data -> [2008/12/12 00:11:17 | 00,000,000 | RH-D | M] AVGTOOLBAR -> C:\Documents and Settings\bob thomas\Application Data\AVGTOOLBAR -> [2008/12/10 22:35:31 | 00,000,000 | ---D | M] Blackberry Desktop -> C:\Documents and Settings\bob thomas\Application Data\Blackberry Desktop -> [2008/08/17 13:37:35 | 00,000,000 | ---D | M] CyberLink -> C:\Documents and Settings\bob thomas\Application Data\CyberLink -> [2006/12/04 22:36:36 | 00,000,000 | ---D | M] FaxCtr -> C:\Documents and Settings\bob thomas\Application Data\FaxCtr -> [2008/01/12 15:04:28 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\bob thomas\Application Data\Intuit -> [2007/03/06 19:20:50 | 00,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\bob thomas\Application Data\Leadertech -> [2007/03/19 08:30:04 | 00,000,000 | ---D | M] Lexmark Productivity Studio -> C:\Documents and Settings\bob thomas\Application Data\Lexmark Productivity Studio -> [2008/01/13 17:58:07 | 00,000,000 | ---D | M] Micro-Sys -> C:\Documents and Settings\bob thomas\Application Data\Micro-Sys -> [2008/02/28 23:05:05 | 00,000,000 | ---D | M] Move Networks -> C:\Documents and Settings\bob thomas\Application Data\Move Networks -> [2007/05/29 20:11:42 | 00,000,000 | ---D | M] Research In Motion -> C:\Documents and Settings\bob thomas\Application Data\Research In Motion -> [2008/08/17 11:57:48 | 00,000,000 | ---D | M] Roxio -> C:\Documents and Settings\bob thomas\Application Data\Roxio -> [2008/08/30 18:44:32 | 00,000,000 | ---D | M] Syntrillium -> C:\Documents and Settings\bob thomas\Application Data\Syntrillium -> [2007/07/13 07:15:18 | 00,000,000 | ---D | M] Thunderbird -> C:\Documents and Settings\bob thomas\Application Data\Thunderbird -> [2006/12/04 20:29:19 | 00,000,000 | ---D | M] U3 -> C:\Documents and Settings\bob thomas\Application Data\U3 -> [2008/10/08 20:00:13 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/03/30 14:17:09 | 00,000,000 | --SD | M] desktop.ini -> 
C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/12 07:33:37 | 00,000,006 | -H-- | M] () [File - Purity Scan] ?ymantec -> C:\WINDOWS\Ѕymantec -> [2008/03/17 23:21:21 | 00,000,000 | ---D | M] ?ymantec -> C:\WINDOWS\Ѕymantec\Ѕymantec -> [2008/03/16 20:02:41 | 00,000,000 | ---D | M] [File - Signature Check] < Cached Copy > -> < OS Copy > -> < MD5's > C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923 C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/13 16:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/13 16:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/13 16:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/13 16:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85 C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6 C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/13 16:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/13 16:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185 
C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/13 16:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/13 16:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5 C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/13 16:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/13 16:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/13 16:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/13 16:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/13 16:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/13 16:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4 C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/13 16:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/13 16:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89 C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/13 16:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/13 16:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... 
IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\bob thomas\My Documents\bob_cell.xls:SummaryInformation 88 bytes C:\Documents and Settings\bob thomas\My Documents\bob_cell.xls:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\901.wav:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\354.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\014A.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\014B.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\054.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\083.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\103.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\201.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\222.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\224.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\234.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\243.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\254.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA 
LB07\CHEA Disc 1\261.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\263.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\274.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\283.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\301.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\322.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\324.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\334.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\343.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\361.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\363.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\374.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\383.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\401.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\422.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\424.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\434.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\443.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\454.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My 
Documents\CHEA LB07\CHEA Disc 1\461.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\463.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\474.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\483.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\501.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\522.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\524.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\534.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\543.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\554.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\561.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\563.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\574.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\CHEA Disc 1\583.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\603.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\701.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\722.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\724.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\734.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My 
Documents\CHEA LB07\Disc 2\743.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\754.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\761.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\763.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\774.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\783.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\801.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\822.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\824.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\834.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\843.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\854.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\861.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\863.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\874.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\883.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\901.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\922.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\924.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\934.mp3:Roxio EMC Stream 76 bytes C:\Documents and 
Settings\bob thomas\My Documents\CHEA LB07\Disc 2\943.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\954.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\961.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\963.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\974.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\983.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T10.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T20.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T30.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T40.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T50.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T60.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\CHEA LB07\Disc 2\T70.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My DVDs\Alexander\Alexander.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My DVDs\Connor\SF2\Street Fighter 1 and 2\Street Fighter 1 and 2.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\354.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\014A.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\014B.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\054.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob 
thomas\My Documents\My Music\CHEA Disc 1\083.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\103.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\201.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\222.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\224.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\234.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\243.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\254.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\261.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\263.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\274.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\283.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\301.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\322.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\324.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\334.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\343.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\361.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\363.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob 
thomas\My Documents\My Music\CHEA Disc 1\374.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\383.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\401.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\422.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\424.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\434.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\443.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\454.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\461.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\463.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\474.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\483.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\501.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\522.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\524.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\534.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\543.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\554.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\561.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob 
thomas\My Documents\My Music\CHEA Disc 1\563.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\574.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Music\CHEA Disc 1\583.mp3:Roxio EMC Stream 76 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\CaptainNoah and the One and Only Zoo Cruise for s.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T010000.mpv:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T01_00000.ac3:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T01_S00.mpv:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T01_S00_0.ac3:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T01_S01.mpv:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\IFO_T01_S01_0.ac3:Afp_AfpInfo 48 bytes C:\Documents and Settings\bob thomas\My Documents\My Videos\CaptainNoah and the One and Only Zoo Cruise for s\Sources\thumb1_3353383.bmp:Afp_AfpInfo 48 bytes scan completed successfully hidden files: 514 [Custom Scans] < %systemroot%\Prefetch\*.* /s > C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2008/12/12 11:25:57 | 00,000,000 | ---D | M] ACRORD32INFO.EXE-1A3A138E.pf -> C:\WINDOWS\Prefetch\ACRORD32INFO.EXE -> [2008/12/12 02:03:11 | 00,005,876 | ---- | M] () AGENT.EXE-00ED4190.pf -> C:\WINDOWS\Prefetch\AGENT.EXE -> [2008/12/12 11:27:15 | 00,019,352 | ---- | M] () ALG.EXE-275708CF.pf 
-> C:\WINDOWS\Prefetch\ALG.EXE -> [2008/12/12 07:35:06 | 00,016,216 | ---- | M] () APDPROXY.EXE-1570C10E.pf -> C:\WINDOWS\Prefetch\APDPROXY.EXE -> [2008/12/12 07:34:58 | 00,005,772 | ---- | M] () AUPDATE.EXE-223E3682.pf -> C:\WINDOWS\Prefetch\AUPDATE.EXE -> [2008/12/12 11:09:20 | 00,025,980 | ---- | M] () AVGCMGR.EXE-017B654E.pf -> C:\WINDOWS\Prefetch\AVGCMGR.EXE -> [2008/12/12 11:26:00 | 00,012,948 | ---- | M] () AVGDIAG.EXE-15877776.pf -> C:\WINDOWS\Prefetch\AVGDIAG.EXE -> [2008/12/12 07:34:58 | 00,026,566 | ---- | M] () AVGTRAY.EXE-11DB8130.pf -> C:\WINDOWS\Prefetch\AVGTRAY.EXE -> [2008/12/12 07:34:58 | 00,032,010 | ---- | M] () AVGUI.EXE-0D7989A9.pf -> C:\WINDOWS\Prefetch\AVGUI.EXE -> [2008/12/12 07:39:38 | 00,036,518 | ---- | M] () AVGUPD.EXE-2AED0BE6.pf -> C:\WINDOWS\Prefetch\AVGUPD.EXE -> [2008/12/12 09:35:02 | 00,037,390 | ---- | M] () BBDEVMGR.EXE-1F1F62F4.pf -> C:\WINDOWS\Prefetch\BBDEVMGR.EXE -> [2008/12/12 07:35:48 | 00,015,458 | ---- | M] () BRIGHTNESS.EXE-238597DB.pf -> C:\WINDOWS\Prefetch\BRIGHTNESS.EXE -> [2008/12/12 07:35:26 | 00,017,076 | ---- | M] () CATCHME.EXE-318FA45D.pf -> C:\WINDOWS\Prefetch\CATCHME.EXE -> [2008/12/12 11:27:46 | 00,058,514 | ---- | M] () CC.EXE-1A273E57.pf -> C:\WINDOWS\Prefetch\CC.EXE -> [2008/12/12 00:45:32 | 00,020,970 | ---- | M] () CHESS.EXE-3B43575F.pf -> C:\WINDOWS\Prefetch\CHESS.EXE -> [2008/12/12 00:45:38 | 00,021,072 | ---- | M] () CMD.EXE-034B0549.pf -> C:\WINDOWS\Prefetch\CMD.EXE -> [2008/12/12 10:51:06 | 00,012,664 | ---- | M] () CTFMON.EXE-05E57A5E.pf -> C:\WINDOWS\Prefetch\CTFMON.EXE -> [2008/12/12 07:34:58 | 00,015,564 | ---- | M] () DEFRAG.EXE-2858C7E2.pf -> C:\WINDOWS\Prefetch\DEFRAG.EXE -> [2008/12/12 02:26:07 | 00,016,568 | ---- | M] () DESKTOPMGR.EXE-04F88D9A.pf -> C:\WINDOWS\Prefetch\DESKTOPMGR.EXE -> [2008/12/12 07:35:10 | 00,013,238 | ---- | M] () DFRGNTFS.EXE-38C3807C.pf -> C:\WINDOWS\Prefetch\DFRGNTFS.EXE -> [2008/12/12 02:25:59 | 00,080,514 | ---- | M] () DIRLOOK.EXE-1BD64341.pf -> 
C:\WINDOWS\Prefetch\DIRLOOK.EXE -> [2008/12/12 08:30:17 | 00,012,386 | ---- | M] () DLG.EXE-332F77D1.pf -> C:\WINDOWS\Prefetch\DLG.EXE -> [2008/12/12 07:34:58 | 00,004,552 | ---- | M] () DMXLAUNCHER.EXE-268192CB.pf -> C:\WINDOWS\Prefetch\DMXLAUNCHER.EXE -> [2008/12/12 07:34:58 | 00,009,864 | ---- | M] () DNSCHECK.EXE-3ACCD5D2.pf -> C:\WINDOWS\Prefetch\DNSCHECK.EXE -> [2008/12/12 08:24:51 | 00,015,590 | ---- | M] () DSAGNT.EXE-2C86BFCE.pf -> C:\WINDOWS\Prefetch\DSAGNT.EXE -> [2008/12/12 07:34:58 | 00,017,366 | ---- | M] () DWWIN.EXE-2C373FB7.pf -> C:\WINDOWS\Prefetch\DWWIN.EXE -> [2008/12/12 11:01:14 | 00,039,938 | ---- | M] () EXPLORER.EXE-02121B1A.pf -> C:\WINDOWS\Prefetch\EXPLORER.EXE -> [2008/12/12 07:41:15 | 00,017,754 | ---- | M] () FIREFOX.EXE-06188867.pf -> C:\WINDOWS\Prefetch\FIREFOX.EXE -> [2008/12/12 11:02:19 | 00,099,062 | ---- | M] () FIXCFG.EXE-3A39BB3F.pf -> C:\WINDOWS\Prefetch\FIXCFG.EXE -> [2008/12/12 09:35:06 | 00,018,356 | ---- | M] () GOOGLEDESKTOPINDEX.EXE-21D8CD89.pf -> C:\WINDOWS\Prefetch\GOOGLEDESKTOPINDEX.EXE -> [2008/12/12 07:34:58 | 00,015,604 | ---- | M] () GOOREDFIX.EXE-02A96BD6.pf -> C:\WINDOWS\Prefetch\GOOREDFIX.EXE -> [2008/12/12 10:50:44 | 00,006,790 | ---- | M] () HIJACKTHIS.EXE-0B4ACB7E.pf -> C:\WINDOWS\Prefetch\HIJACKTHIS.EXE -> [2008/12/12 08:49:00 | 00,013,232 | ---- | M] () HOTSYNC.EXE-198F92AB.pf -> C:\WINDOWS\Prefetch\HOTSYNC.EXE -> [2008/12/12 07:35:10 | 00,002,604 | ---- | M] () IGFXEXT.EXE-05A27A3D.pf -> C:\WINDOWS\Prefetch\IGFXEXT.EXE -> [2008/12/12 07:35:32 | 00,011,432 | ---- | M] () IGFXPERS.EXE-19DA7B04.pf -> C:\WINDOWS\Prefetch\IGFXPERS.EXE -> [2008/12/12 07:34:57 | 00,006,948 | ---- | M] () ISUSPM.EXE-0FE4BBE2.pf -> C:\WINDOWS\Prefetch\ISUSPM.EXE -> [2008/12/12 07:34:58 | 00,013,644 | ---- | M] () JUSCHED.EXE-32330AF0.pf -> C:\WINDOWS\Prefetch\JUSCHED.EXE -> [2008/12/12 07:34:57 | 00,010,284 | ---- | M] () Layout.ini -> C:\WINDOWS\Prefetch\Layout.ini -> [2008/12/12 06:47:13 | 00,059,142 | ---- | M] () 
LOGONUI.EXE-312BE1BF.pf -> C:\WINDOWS\Prefetch\LOGONUI.EXE -> [2008/12/12 07:32:18 | 00,017,966 | ---- | M] () LUCOMS~1.EXE-1DF6F3E9.pf -> C:\WINDOWS\Prefetch\LUCOMS~1.EXE -> [2008/12/12 11:09:20 | 00,059,996 | ---- | M] () LXDIJSWX.EXE-1AA352DE.pf -> C:\WINDOWS\Prefetch\LXDIJSWX.EXE -> [2008/12/12 08:24:05 | 00,017,628 | ---- | M] () LXDIPSWX.EXE-0038BB5F.pf -> C:\WINDOWS\Prefetch\LXDIPSWX.EXE -> [2008/12/12 08:24:04 | 00,028,902 | ---- | M] () LXDITIME.EXE-289C8BDA.pf -> C:\WINDOWS\Prefetch\LXDITIME.EXE -> [2008/12/12 08:34:14 | 00,019,354 | ---- | M] () MBAM.EXE-0D37CDF0.pf -> C:\WINDOWS\Prefetch\MBAM.EXE -> [2008/12/12 09:54:28 | 00,050,744 | ---- | M] () MSMSGS.EXE-0620E8B3.pf -> C:\WINDOWS\Prefetch\MSMSGS.EXE -> [2008/12/12 07:34:58 | 00,020,358 | ---- | M] () NETWAITING.EXE-350657BF.pf -> C:\WINDOWS\Prefetch\NETWAITING.EXE -> [2008/12/12 07:34:58 | 00,010,376 | ---- | M] () NOTEPAD.EXE-2F2D61E1.pf -> C:\WINDOWS\Prefetch\NOTEPAD.EXE -> [2008/12/12 10:51:06 | 00,016,912 | ---- | M] () NSLOOKUP.EXE-03DDCBB1.pf -> C:\WINDOWS\Prefetch\NSLOOKUP.EXE -> [2008/12/12 08:24:46 | 00,014,472 | ---- | M] () NTOSBOOT-B00DFAAD.pf -> C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -> [2008/12/12 07:34:57 | 00,704,974 | ---- | M] () OTSCANIT2.EXE-212B397B.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2008/12/12 11:12:09 | 00,012,294 | ---- | M] () OTSCANIT2.EXE-3643120B.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2008/12/12 11:14:34 | 00,023,436 | ---- | M] () PIFSVC.EXE-263A5067.pf -> C:\WINDOWS\Prefetch\PIFSVC.EXE -> [2008/12/12 07:34:58 | 00,013,262 | ---- | M] () QBUPDATE.EXE-3321108A.pf -> C:\WINDOWS\Prefetch\QBUPDATE.EXE -> [2008/12/12 07:35:02 | 00,005,360 | ---- | M] () QTTASK.EXE-1876A1A1.pf -> C:\WINDOWS\Prefetch\QTTASK.EXE -> [2008/12/12 07:34:57 | 00,009,252 | ---- | M] () QUICKSET.EXE-0D149022.pf -> C:\WINDOWS\Prefetch\QUICKSET.EXE -> [2008/12/12 07:34:58 | 00,021,518 | ---- | M] () READER_SL.EXE-02E193BD.pf -> C:\WINDOWS\Prefetch\READER_SL.EXE -> [2008/12/12 07:34:58 | 
00,011,872 | ---- | M] () REG.EXE-07FA5B3F.pf -> C:\WINDOWS\Prefetch\REG.EXE -> [2008/12/12 08:27:22 | 00,012,024 | ---- | M] () REGEDIT.EXE-2AE3423E.pf -> C:\WINDOWS\Prefetch\REGEDIT.EXE -> [2008/12/12 07:34:58 | 00,012,898 | ---- | M] () REGQUERY.EXE-03D666E7.pf -> C:\WINDOWS\Prefetch\REGQUERY.EXE -> [2008/12/12 08:27:00 | 00,013,374 | ---- | M] () REGSVR32.EXE-396DEA2C.pf -> C:\WINDOWS\Prefetch\REGSVR32.EXE -> [2008/12/12 09:35:02 | 00,015,498 | ---- | M] () RIMDEVICEMANAGER.EXE-243E30C2.pf -> C:\WINDOWS\Prefetch\RIMDEVICEMANAGER.EXE -> [2008/12/12 07:35:45 | 00,014,562 | ---- | M] () ROXWATCHTRAY9.EXE-19521D9A.pf -> C:\WINDOWS\Prefetch\ROXWATCHTRAY9.EXE -> [2008/12/12 07:34:58 | 00,007,374 | ---- | M] () RUNDLL32.EXE-5E1518B3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/12 07:34:57 | 00,013,090 | ---- | M] () SETUP.EXE-0743E6C4.pf -> C:\WINDOWS\Prefetch\SETUP.EXE -> [2008/12/12 07:34:58 | 00,014,704 | ---- | M] () SQLMANGR.EXE-19670CF9.pf -> C:\WINDOWS\Prefetch\SQLMANGR.EXE -> [2008/12/12 07:35:03 | 00,007,842 | ---- | M] () SSTEXT3D.SCR-0586736D.pf -> C:\WINDOWS\Prefetch\SSTEXT3D.SCR -> [2008/12/12 10:46:54 | 00,015,662 | ---- | M] () STSYSTRA.EXE-250DA2AC.pf -> C:\WINDOWS\Prefetch\STSYSTRA.EXE -> [2008/12/12 07:34:58 | 00,021,080 | ---- | M] () SVCHOST.EXE-2D5FBD18.pf -> C:\WINDOWS\Prefetch\SVCHOST.EXE -> [2008/12/12 07:35:58 | 00,015,158 | ---- | M] () SYNTPENH.EXE-2B70B91C.pf -> C:\WINDOWS\Prefetch\SYNTPENH.EXE -> [2008/12/12 07:34:58 | 00,014,294 | ---- | M] () TFSWCTRL.EXE-2D67C816.pf -> C:\WINDOWS\Prefetch\TFSWCTRL.EXE -> [2008/12/12 07:34:58 | 00,015,906 | ---- | M] () THUNDERBIRD.EXE-1BF62657.pf -> C:\WINDOWS\Prefetch\THUNDERBIRD.EXE -> [2008/12/12 09:16:57 | 00,070,644 | ---- | M] () VERCLSID.EXE-28F52AD2.pf -> C:\WINDOWS\Prefetch\VERCLSID.EXE -> [2008/12/12 09:42:34 | 00,016,890 | ---- | M] () WGATRAY.EXE-350D4455.pf -> C:\WINDOWS\Prefetch\WGATRAY.EXE -> [2008/12/12 07:35:55 | 00,037,406 | ---- | M] () WINWORD.EXE-33AEA629.pf -> 
C:\WINDOWS\Prefetch\WINWORD.EXE -> [2008/12/12 10:10:47 | 00,075,054 | ---- | M] () WLTRAY.EXE-0D3A5A80.pf -> C:\WINDOWS\Prefetch\WLTRAY.EXE -> [2008/12/12 07:34:58 | 00,018,450 | ---- | M] () WMIPRVSE.EXE-0D449B4F.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE -> [2008/12/12 08:49:40 | 00,024,246 | ---- | M] () WUAUCLT.EXE-1360D60A.pf -> C:\WINDOWS\Prefetch\WUAUCLT.EXE -> [2008/12/12 07:35:39 | 00,020,338 | ---- | M] () ZUNELAUNCHER.EXE-133823A0.pf -> C:\WINDOWS\Prefetch\ZUNELAUNCHER.EXE -> [2008/12/12 07:34:58 | 00,005,626 | ---- | M] () < %systemroot%\system32\drivers\*.dat > < %systemroot%\Temp\bca4e2da.$$$ > < %systemroot%\Temp\ed47fa.$ > < %systemroot%\Temp\fa56d7ec.$$$ > < %systemroot%\System32\antiwpa.dll > < %PROGRAMFILES%\*crack*. > Program Files -> C:\Program Files -> [2008/12/12 00:20:43 | 00,000,000 | R--D | M] < %PROGRAMFILES%\*keygen*. > Program Files -> C:\Program Files -> [2008/12/12 00:20:43 | 00,000,000 | R--D | M] < %SYSTEMDRIVE%\*crack*. > OTScanIt2 -> C: -> [2008/12/12 11:27:37 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*keygen*. > OTScanIt2 -> C: -> [2008/12/12 11:27:37 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*.zip > < %SYSTEMDRIVE%\*.rar > < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.dll > < %systemroot%\*.zip > < %systemroot%\*.rar > < %systemroot%\system32\*.zip > < %systemroot%\system32\*.rar > < %PROGRAMFILES%\*.zip > < %PROGRAMFILES%\*.rar > < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*.dll > Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP < %PROGRAMFILES%\Common Files\*.* > < %PROGRAMFILES%\Common Files\*bak*. > Common Files -> C:\Program Files\Common Files -> [2008/08/17 13:26:49 | 00,000,000 | ---D | M] < %systemroot%\SYSTEM32\*bak*. > 1 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp -> system32 -> C:\WINDOWS\SYSTEM32 -> [2008/12/12 00:20:42 | 00,000,000 | ---D | M] < %PROGRAMFILES%\*bak*. 
> Program Files -> C:\Program Files -> [2008/12/12 00:20:43 | 00,000,000 | R--D | M] < %USERNAME%\*.zip > < %USERNAME%\*.rar > < %USERNAME%\*.exe > < %USERPROFILE%\*.zip > < %USERPROFILE%\*.rar > < %USERPROFILE%\*.exe > < %ALLUSERSPROFILE%\*.zip > < %ALLUSERSPROFILE%\*.rar > < %ALLUSERSPROFILE%\*.exe > < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS < %PROGRAMFILES%\Mozilla Firefox\plugins\*.* > C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/11/14 17:32:07 | 00,000,000 | ---D | M] npnul32.dll -> C:\Program Files\Mozilla Firefox\plugins\npnul32.dll -> [2008/11/14 17:32:06 | 00,022,664 | ---- | M] (mozilla.org) nppdf32.dll -> C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -> [2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) 
nppl3260.dll -> C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll -> [2007/09/16 16:59:09 | 00,144,720 | ---- | M] (RealNetworks, Inc.) npqtplugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -> [2006/11/28 07:19:49 | 00,106,496 | ---- | M] (Apple Computer, Inc.) nprjplug.dll -> C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll -> [2007/09/16 16:59:19 | 00,024,576 | ---- | M] (RealNetworks, Inc.) nprpjplug.dll -> C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll -> [2007/09/16 16:59:01 | 00,081,920 | ---- | M] (RealNetworks, Inc.) nsIQTScriptablePlugin.xpt -> C:\Program Files\Mozilla Firefox\plugins\nsIQTScriptablePlugin.xpt -> [2006/11/28 07:19:49 | 00,002,394 | ---- | M] () QuickTimePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.cla -> [2007/11/03 09:58:08 | 00,004,208 | ---- | M] () < %PROGRAMFILES%\Internet Explorer\*.* > C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/11 22:42:22 | 00,000,000 | ---D | M] hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2008/04/13 16:11:54 | 00,038,912 | ---- | M] (Microsoft Corporation) iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2008/04/13 16:12:22 | 00,018,432 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) < %PROGRAMFILES%\Mozilla Firefox\*.zip /s > < %PROGRAMFILES%\Mozilla Firefox\*.rar /s > < %PROGRAMFILES%\Mozilla Firefox\*.exe /s > C:\Program Files\Mozilla Firefox\ -> C:\Program Files\Mozilla Firefox -> [2008/12/12 11:02:14 | 00,000,000 | ---D | M] firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2008/11/14 17:32:02 | 07,676,528 | ---- | M] (Mozilla Corporation) updater.exe -> C:\Program Files\Mozilla Firefox\updater.exe -> [2008/11/14 17:32:06 | 00,132,232 | ---- | M] (Mozilla Foundation) xpicleanup.exe -> C:\Program Files\Mozilla Firefox\xpicleanup.exe -> 
[2008/11/14 17:32:07 | 00,073,336 | ---- | M] (Mozilla Foundation)
C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\ -> C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components -> [2008/11/14 17:32:07 | 00,000,000 | ---D | M]
talkback.exe -> C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe -> [2008/11/14 17:32:00 | 00,407,040 | ---- | M] (Full Circle Software, Inc.)
C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> [2008/11/14 17:32:09 | 00,000,000 | ---D | M]
helper.exe -> C:\Program Files\Mozilla Firefox\uninstall\helper.exe -> [2008/11/14 17:32:06 | 00,450,936 | ---- | M] (Mozilla Corporation)
< %PROGRAMFILES%\Internet Explorer\*.zip /s >
< %PROGRAMFILES%\Internet Explorer\*.rar /s >
< %PROGRAMFILES%\Internet Explorer\*.exe /s >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/11 22:42:22 | 00,000,000 | ---D | M]
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2008/04/13 16:12:22 | 00,018,432 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation)
C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2008/12/11 22:39:22 | 00,000,000 | ---D | M]
icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2008/04/13 16:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation)
icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2008/04/13 16:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation)
icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2008/04/13 16:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation)
icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2004/08/04 03:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation)
inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2008/04/13 16:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation)
isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2004/08/04 03:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\*.dat >
< %SYSTEMDRIVE%\*.sys >
C:\ -> -> [2008/12/12 11:27:37 | 00,000,000 | ---D | M]
CONFIG.SYS -> C:\CONFIG.SYS -> [2004/08/10 11:04:08 | 00,000,000 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2008/12/12 07:33:13 | 21,374,56640 | -HS- | M] ()
IO.SYS -> C:\IO.SYS -> [2004/08/10 11:04:08 | 00,000,000 | -H-- | M] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2004/08/10 11:04:08 | 00,000,000 | -H-- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2008/12/12 07:33:11 | 21,453,86496 | -HS- | M] ()
< %SYSTEMROOT%\*.dat >
C:\WINDOWS\ -> C:\WINDOWS -> [2008/12/12 07:34:53 | 00,000,000 | ---D | M]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2008/12/12 07:33:22 | 00,002,048 | --S- | M] ()
mozver.dat -> C:\WINDOWS\mozver.dat -> [2007/07/03 18:25:55 | 00,004,320 | ---- | M] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2006/11/28 07:18:44 | 00,000,335 | ---- | M] ()
PowerReg.dat -> C:\WINDOWS\PowerReg.dat -> [2007/07/31 09:17:29 | 00,000,000 | ---- | M] ()
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
< %SYSTEMROOT%\*.sys >
< %systemroot%\system32\drivers\*.exe /s >
< %systemroot%\system32\drivers\*.zip /s >
< %systemroot%\system32\drivers\*.rar /s >
< %systemroot%\system\*.exe /s >
< %systemroot%\system\*.zip /s >
< %systemroot%\system\*.rar /s >
< %systemroot%\AppPatch\*.exe /s >
< %systemroot%\AppPatch\*.zip /s >
< %systemroot%\AppPatch\*.rar /s >
< %systemroot%\Cache\*.* >
< %systemroot%\Downloaded Program Files\*.* >
C:\WINDOWS\Downloaded Program Files\ -> C:\WINDOWS\Downloaded Program Files -> [2008/08/17 11:51:42 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Downloaded Program Files\desktop.ini -> [2004/08/10 11:03:04 | 00,000,065 | -H-- | M] ()
dwusplay.dll -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll -> [2002/07/25 16:13:18 | 00,024,576 | ---- | M] ()
dwusplay.exe -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe -> [2002/07/25 16:13:12 | 00,196,608 | ---- | M] ()
eolupcli.inf -> C:\WINDOWS\Downloaded Program Files\eolupcli.inf -> [2006/01/09 11:01:02 | 00,000,122 | ---- | M] ()
isusweb.dll -> C:\WINDOWS\Downloaded Program Files\isusweb.dll -> [2006/09/11 03:40:36 | 00,484,272 | ---- | M] ()
msrdp.inf -> C:\WINDOWS\Downloaded Program Files\msrdp.inf -> [2003/03/25 12:09:02 | 00,001,558 | ---- | M] ()
msrdp.ocx -> C:\WINDOWS\Downloaded Program Files\msrdp.ocx -> [2003/03/24 23:03:32 | 00,683,008 | ---- | M] ()
swflash.inf -> C:\WINDOWS\Downloaded Program Files\swflash.inf -> [2007/06/11 11:21:02 | 00,005,021 | ---- | M] ()
< %systemroot%\Fonts\*.exe /s >
< %systemroot%\Fonts\*.zip /s >
< %systemroot%\Fonts\*.rar /s >
< %systemroot%\Fonts\*.dll /s >
< %systemroot%\Help\*.exe /s >
C:\WINDOWS\Help\SBSI\Training\ -> C:\WINDOWS\Help\SBSI\Training -> [2007/02/13 22:28:29 | 00,000,000 | ---D | M]
orun32.exe -> C:\WINDOWS\Help\SBSI\Training\orun32.exe -> [2006/08/21 15:57:14 | 01,077,321 | ---- | M] (Microsoft Corporation)
ounins32_s.exe -> C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe -> [2001/06/11 15:19:04 | 00,233,472 | ---- | M] (Microsoft and LearnIT Corporation)
usersid.exe -> C:\WINDOWS\Help\SBSI\Training\usersid.exe -> [2001/11/07 10:28:32 | 00,049,152 | ---- | M] ()
C:\WINDOWS\Help\Tours\mmTour\ -> C:\WINDOWS\Help\Tours\mmTour -> [2004/08/10 10:52:56 | 00,000,000 | ---D | M]
tour.exe -> C:\WINDOWS\Help\Tours\mmTour\tour.exe -> [2004/08/04 03:00:00 | 03,374,640 | ---- | M] (Macromedia, Inc.)
< %systemroot%\Help\*.zip /s >
< %systemroot%\Help\*.rar /s >
< %systemroot%\Tasks\*.* >
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/03/30 14:17:09 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 03:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/12 07:33:37 | 00,000,006 | -H-- | M] ()
< %APPDATA%\*.sys >
< %systemroot%\system32\serauth1.dll >
< %systemroot%\system32\serauth2.dll >
< %systemroot%\system32\sysaudio.sys >
< %PROGRAMFILES%\*TinyProxy*. >
Program Files -> C:\Program Files -> [2008/12/12 00:20:43 | 00,000,000 | R--D | M]
< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >
< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >
< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >
< %PROGRAMFILES%\eMule\Incoming\*.zip /s >
< %PROGRAMFILES%\eMule\Incoming\*.rar /s >
< %PROGRAMFILES%\eMule\Incoming\*.exe /s >
< %PROGRAMFILES%\eMule\Incoming\*crack*. >
< %PROGRAMFILES%\eMule\Incoming\*keygen*. >
< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> %ProgramFiles%\AVG\AVG8\Firefox [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2008/12/10 22:35:21 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8} -> %ProgramFiles%\AVG\AVG8\ToolbarFF [C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF] -> [2008/12/10 22:35:21 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.18\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components -> %ProgramFiles%\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/11/14 17:32:07 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins -> %ProgramFiles%\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2008/11/14 17:32:07 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox2.0.0.\Extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 2.0.0.18\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Components -> %ProgramFiles%\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2008/11/20 08:40:31 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Plugins -> %ProgramFiles%\Mozilla Thunderbird\plugins [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS] -> [2008/02/22 23:08:52 | 00,000,000 | ---D | M]

[Alternate Data Streams]
@Alternate Data Stream - 88 bytes -> %UserProfile%\My Documents\bob_cell.xls:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\bob_cell.xls:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
< End of report >
[/code]