Geeks to Go
Processing Message AND Google Redirect! [Solved]


#16 grohfactor (Topic Starter)

Heir,

Please, you, of all people, never need to apologize for anything you do here that helps us! It wasn't long at all... in fact if it helps, length of time is never an issue :) Thank you again for all that you do...

As requested:

GooredLog:

GooredFix v1.92 by jpshortstuff
Log created at 17:09 on 11/05/2009 running Option #2 (Eric Groh)
Firefox version [Unable to determine]

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{F689EB5C-EC7B-4046-89B2-CC565C331730}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{F09143A3-444A-4FC3-AD06-EE550C3E66D6}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{E3ACF27A-D819-4777-A24E-938D2956370E}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{E05F25AF-CE56-4A04-BD4A-D05502CE5093}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{DF42EBB0-E778-4F92-A4E0-7159110D91D0}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{C851BF49-FEB5-45E3-9454-D6419C762F67}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{C361E529-A1A8-42A3-9EBA-142511492E72}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{B03E079F-D2B0-4724-87FF-627C9BF7C37A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{A65EE25D-1002-4291-848E-847347D93E59}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{A4BB4448-E5D1-4485-AC20-533A7F1E968B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{A49BB67B-FE5E-4D1F-B8D1-1E9B4BB9D273}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{9EA5B66B-6C5B-4C2C-880C-82413B955665}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{9903496B-C0E4-428F-80BA-64F6F99F5A7A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{915E2611-A008-435B-8E57-6016A4B0C0E7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{882E420B-D109-4A78-BFA2-7866A5C081E0}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{8664886D-B031-496B-A750-64DA4FFFA2FF}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{82CE0DED-CB76-4EA1-999C-25B154B99A61}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{82C30042-C896-4135-931C-EBDD5AAB088C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{7B8CA6D2-D9F1-4B26-9CED-F5DBA003B823}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{744DD12F-67CB-4384-A9E7-79206468B059}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{70550096-CF19-48E8-BC30-AA7CBCF7E64A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{6736B158-AFFE-4A8B-B913-4065C8F4CAEC}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{5F71B4A0-6F3B-4AFA-80B6-484773E3F098}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{50864C6A-1F3F-4F42-92C7-C0AF3D311043}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{45715A67-430E-4B58-B964-10378E65514C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{44046F12-1F85-4059-A0A2-E12128AB279E}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{42E391D9-967D-4C04-8B27-2E3899927FC7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{388C4307-6B90-401C-BA15-25288B05618D}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{306E346D-346D-4C1D-A93E-DDA95EF74379}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{2FB53317-D20C-4D9D-AD03-4438D1956255}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{26104708-C5A8-4587-8144-635B1B93FD5E}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{1B1C9D94-DDA4-4B54-AB94-38C045B9F54B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{172A95B0-461B-4DE6-9BB9-24B14A5CF360}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{0F1EB8A4-D805-47A5-B60E-37342568AB75}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{034362E6-EEA5-4B10-8857-4886664B841A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{018D39D1-1D72-456A-AD75-95CCADA749D1}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

#17 grohfactor (Topic Starter)

OTListIt logfile created on: 5/11/2009 5:17:01 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Eric Groh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 556.34 Mb Available Physical Memory | 54.41% Memory free
2.31 Gb Paging File | 1.89 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 202.20 Gb Free Space | 90.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.51 Gb Total Space | 1.12 Gb Free Space | 13.18% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive S: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS

Computer Name: DWS10
Current User Name: Eric Groh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SAService.exe ()
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EngineServer [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfee HackerWatch Service [Auto | Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (McShield [On_Demand | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (myAgtSvc [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SiteAdvisor Service [Auto | Running]) -- C:\Program Files\SiteAdvisor\6173\SAService.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CXFALCON [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipr12.dll (Hewlett-Packard)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MfeAVFK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (MfeBOPK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeRKDK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - (WN5301 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wn5301.sys (Liteon Technology Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {034362E6-EEA5-4B10-8857-4886664B841A}:1.0
FF - prefs.js..extensions.enabledItems: {08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}:1.0
FF - prefs.js..extensions.enabledItems: {08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}:1.0
FF - prefs.js..extensions.enabledItems: {0F1EB8A4-D805-47A5-B60E-37342568AB75}:1.0
FF - prefs.js..extensions.enabledItems: {26104708-C5A8-4587-8144-635B1B93FD5E}:1.0
FF - prefs.js..extensions.enabledItems: {2FB53317-D20C-4D9D-AD03-4438D1956255}:1.0
FF - prefs.js..extensions.enabledItems: {3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}:1.0
FF - prefs.js..extensions.enabledItems: {42E391D9-967D-4C04-8B27-2E3899927FC7}:1.0
FF - prefs.js..extensions.enabledItems: {44046F12-1F85-4059-A0A2-E12128AB279E}:1.0
FF - prefs.js..extensions.enabledItems: {45715A67-430E-4B58-B964-10378E65514C}:1.0
FF - prefs.js..extensions.enabledItems: {50864C6A-1F3F-4F42-92C7-C0AF3D311043}:1.0
FF - prefs.js..extensions.enabledItems: {5F71B4A0-6F3B-4AFA-80B6-484773E3F098}:1.0
FF - prefs.js..extensions.enabledItems: {6736B158-AFFE-4A8B-B913-4065C8F4CAEC}:1.0
FF - prefs.js..extensions.enabledItems: {6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}:1.0
FF - prefs.js..extensions.enabledItems: {70550096-CF19-48E8-BC30-AA7CBCF7E64A}:1.0
FF - prefs.js..extensions.enabledItems: {744DD12F-67CB-4384-A9E7-79206468B059}:1.0
FF - prefs.js..extensions.enabledItems: {82C30042-C896-4135-931C-EBDD5AAB088C}:1.0
FF - prefs.js..extensions.enabledItems: {82CE0DED-CB76-4EA1-999C-25B154B99A61}:1.0
FF - prefs.js..extensions.enabledItems: {882E420B-D109-4A78-BFA2-7866A5C081E0}:1.0
FF - prefs.js..extensions.enabledItems: {915E2611-A008-435B-8E57-6016A4B0C0E7}:1.0
FF - prefs.js..extensions.enabledItems: {9EA5B66B-6C5B-4C2C-880C-82413B955665}:1.0
FF - prefs.js..extensions.enabledItems: {A4BB4448-E5D1-4485-AC20-533A7F1E968B}:1.0
FF - prefs.js..extensions.enabledItems: {A65EE25D-1002-4291-848E-847347D93E59}:1.0
FF - prefs.js..extensions.enabledItems: {B03E079F-D2B0-4724-87FF-627C9BF7C37A}:1.0
FF - prefs.js..extensions.enabledItems: {C361E529-A1A8-42A3-9EBA-142511492E72}:1.0
FF - prefs.js..extensions.enabledItems: {C851BF49-FEB5-45E3-9454-D6419C762F67}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {DF42EBB0-E778-4F92-A4E0-7159110D91D0}:1.0
FF - prefs.js..extensions.enabledItems: {E05F25AF-CE56-4A04-BD4A-D05502CE5093}:1.0
FF - prefs.js..extensions.enabledItems: {E3ACF27A-D819-4777-A24E-938D2956370E}:1.0
FF - prefs.js..extensions.enabledItems: {F09143A3-444A-4FC3-AD06-EE550C3E66D6}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/05 14:47:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/22 13:09:23 | 00,000,000 | ---D | M]

[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Firefox\Profiles\kv8wctwf.default\extensions
[2009/05/11 17:09:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/26 15:14:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2009/01/22 13:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/07 11:13:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233004662750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetingplace...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.752.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/23 12:18:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 17:15:44 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe
[2009/05/11 17:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\GooredFixBackups
[2009/05/11 17:08:37 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\GooredFix.exe
[2009/05/11 17:02:33 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Nancy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:02:20 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\M_Taubman_Resume[1][1].doc
[2009/05/11 16:28:52 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/05/11 16:28:36 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\LopSD.exe
[2009/05/11 16:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\temp
[2009/05/11 15:56:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/11 15:56:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/11 15:56:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/11 15:56:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/11 15:56:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/11 15:56:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/11 15:56:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/11 15:56:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/11 15:56:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/11 15:42:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/11 15:42:19 | 03,020,851 | R--- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\ComboFix.exe
[2009/05/11 15:18:29 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 15:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/11 15:06:31 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/11 15:05:45 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\SDFix.exe
[2009/05/11 15:05:09 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\VDellOrco Resume[1][1].doc
[2009/05/11 15:04:52 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Moreland[1].doc
[2009/05/11 13:23:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/11 10:42:28 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/08 13:10:48 | 00,000,869 | ---- | C] () -- C:\win_betaengdat
[2009/05/08 13:06:45 | 00,000,000 | ---D | C] -- C:\scan
[2009/05/08 13:05:55 | 64,524,628 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\win_betaengdat.zip
[2009/05/08 12:41:16 | 00,022,453 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Infections.zip
[2009/05/08 12:37:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Infections
[2009/05/08 12:34:21 | 03,623,736 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Eric Groh\Desktop\procexp.exe
[2009/05/07 15:48:55 | 00,016,435 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:11 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 15:01:29 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 13:36:43 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 13:34:57 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:31:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/07 12:53:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/07 12:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\WinRAR
[2009/05/07 12:25:16 | 00,013,779 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:36 | 00,016,452 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/07 11:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Sun
[2009/05/07 11:04:58 | 00,000,202 | ---- | C] () -- C:\43214354.bat
[2009/05/06 17:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/06 17:48:17 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/06 16:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Malwarebytes
[2009/05/06 16:23:39 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 16:23:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/06 16:23:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Apps
[2009/05/06 16:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Windows Search
[2009/05/06 07:57:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/06 06:36:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/05 17:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\AdobeUM
[2009/05/05 14:53:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/05 14:52:02 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 13:37:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/05 13:37:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/05 13:36:53 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/05 13:36:53 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/05 13:36:53 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/05 13:36:51 | 00,000,000 | ---D | C] -- C:\2d0c860b4fbab27081df6c9e6435
[2009/05/05 13:30:15 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 13:30:15 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 13:30:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 13:30:15 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 13:30:15 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 13:30:14 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 13:30:14 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 13:30:14 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 13:30:14 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 13:30:13 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/05 13:30:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/05 13:30:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/05 13:29:49 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 13:29:49 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 13:29:49 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 13:21:14 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/05 13:20:34 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/05 13:20:23 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/05 13:20:19 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/05 13:20:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/05/05 13:19:54 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/05 11:59:28 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/05 11:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/05/05 11:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\U3
[2009/05/05 11:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Great American
[2009/05/05 11:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\desktop resumes
[2009/05/05 11:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/05 10:56:24 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/05/05 10:56:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/05/05 10:56:24 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/05/05 10:56:16 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/05/05 10:56:12 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/05/05 10:56:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/05/05 10:56:11 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/05/05 10:56:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/05/05 10:56:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/05/05 10:56:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/05/05 10:56:11 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/05/05 10:56:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/05/05 10:56:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/05/05 10:56:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/05/05 10:56:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/05/05 10:56:10 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/05/05 10:56:10 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/05/05 10:56:10 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/05/05 10:56:10 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/05/05 10:56:10 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/05/05 10:56:10 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/05/05 10:56:10 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/05/05 10:56:10 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/05/05 10:56:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/05/05 10:56:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/05/05 10:56:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/05/05 10:56:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/05/05 10:56:08 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/05/05 10:56:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/05/05 10:56:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/05/05 10:56:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/05/05 10:56:07 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/05/05 10:56:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/05/05 10:56:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/05/05 10:56:06 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/05/05 10:56:06 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/05/05 10:56:06 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/05/05 10:56:05 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/05/05 10:56:05 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/05/05 10:56:05 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/05/05 10:56:05 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/05/05 10:56:05 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/05/05 10:56:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/05/05 10:56:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/05/05 10:56:02 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/05/05 10:56:02 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/05/05 10:56:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/05/05 10:55:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/05 10:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/05 10:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/05 10:51:10 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/05/05 10:51:10 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/05/05 10:51:10 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/05/05 10:51:09 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/05/05 10:51:09 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/05/05 10:51:09 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/05/05 10:51:09 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/05/05 10:51:09 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/05/05 10:51:09 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/05/05 10:51:08 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/05/05 10:51:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/05/05 10:51:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/05/05 10:51:06 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/05/05 10:51:06 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/05/05 10:51:06 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/05/05 10:51:06 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/05/05 10:51:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/05/05 10:51:05 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/05/05 10:51:05 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/05/05 10:51:05 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/05/05 10:51:05 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/05/05 10:51:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/05/05 10:51:05 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/05/05 10:46:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 15:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Macromedia
[2009/05/04 15:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Mozilla
[2009/05/04 14:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Research In Motion
[2009/05/04 14:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Adobe
[2009/05/04 14:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\SiteAdvisor
[2009/05/04 14:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Identities
[2009/05/04 14:57:21 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Application Data\desktop.ini
[2009/05/04 14:57:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Eric Groh\Application Data\Microsoft
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\History
[2009/05/04 14:57:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Application Data
[2009/05/04 14:44:24 | 00,000,000 | ---D | C] -- C:\Desktop Docs
[2009/04/29 17:35:43 | 00,000,000 | ---D | C] -- C:\sdat scan
[2008/06/17 14:47:18 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/17 14:47:17 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/17 14:47:17 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/17 14:47:16 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/17 14:47:12 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/17 14:46:54 | 00,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/06/17 13:41:13 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/06/16 18:31:19 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX3000.ini
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/21 14:23:25 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/23 15:51:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/09 14:46:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2006/01/30 11:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
[2001/08/23 08:00:00 | 00,000,740 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 17:15:52 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe
[2009/05/11 17:08:37 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\GooredFix.exe
[2009/05/11 17:02:34 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Nancy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:02:20 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\M_Taubman_Resume[1][1].doc
[2009/05/11 16:28:38 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\LopSD.exe
[2009/05/11 16:20:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 16:20:23 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/11 16:20:15 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/05/11 16:19:13 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/11 16:18:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/11 16:18:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/11 16:18:36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/11 16:17:21 | 00,009,979 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/11 16:17:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 16:17:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 15:42:23 | 03,020,851 | R--- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\ComboFix.exe
[2009/05/11 15:18:29 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 15:05:54 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\SDFix.exe
[2009/05/11 15:05:09 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\VDellOrco Resume[1][1].doc
[2009/05/11 15:04:52 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Moreland[1].doc
[2009/05/11 13:35:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 10:42:28 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/08 15:54:01 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/08 13:23:02 | 00,022,453 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Infections.zip
[2009/05/08 13:11:21 | 00,000,869 | ---- | M] () -- C:\win_betaengdat
[2009/05/07 15:48:55 | 00,016,435 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:12 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 14:29:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:28:51 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:31:56 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:50:24 | 00,000,080 | -HS- | M] () -- U:\desktop.ini
[2009/05/07 12:41:45 | 00,000,202 | ---- | M] () -- C:\43214354.bat
[2009/05/07 12:25:16 | 00,013,779 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:37 | 00,016,452 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/06 19:42:57 | 64,524,628 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\win_betaengdat.zip
[2009/05/06 18:19:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 17:48:17 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/06 16:23:39 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 15:23:02 | 00,555,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 15:23:02 | 00,465,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/05 15:23:02 | 00,079,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 15:18:39 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 14:53:21 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 10:08:53 | 21,454,03904 | ---- | M] () -- C:\Eric's E-mail Backup 012309.pst
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/30 11:03:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wedafini
[2009/04/28 17:31:39 | 00,115,224 | ---- | M] () -- C:\img2-001.raw
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
< End of report >
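Reading a report this long by hand is where entries get missed, so here is a small triage script, added as an example and not part of the original post or of OTListIt2 itself. It parses the two line shapes seen in the report above (the `O33`/`O34` entries and the `[date | size | attrs | C] (company) -- path` file entries) and flags the kinds of items a helper would look at first: a per-volume `\Shell\AutoRun\command` under MountPoints2, a BootExecute entry with an empty company string, and a recently created executable or hidden extension-less file in a system location whose version resource carries no company name. The sample lines are copied from the report above; the function names (`parse_file_entry`, `is_suspicious_file`, `triage`) and the heuristics themselves are this example's own, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input for this example: lines copied from the OTListIt2 report
# posted above (a mix of O33/O34 entries and file-creation entries).
SAMPLE_LOG = r"""
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
[2009/05/11 15:56:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/07 11:04:58 | 00,000,202 | ---- | C] () -- C:\43214354.bat
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/05/11 10:42:28 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/04/30 11:03:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wedafini
"""

# One OTL file line: [timestamp | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

EXEC_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif"}


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str      # e.g. "-H--" (H = hidden, S = system, R = read-only, D = directory)
    company: str    # version-resource company name; "" when OTL printed "()"
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one file-creation/modification line; None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return FileEntry(m["ts"], size, m["attrs"], m["company"], m["path"])


def is_suspicious_file(e: FileEntry) -> Optional[str]:
    """Heuristic (this example's own, not OTL's): a reason string, or None."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    # "system location" = anything under C:\WINDOWS or sitting in a drive root
    in_system = p.startswith("c:\\windows\\") or p.count("\\") == 1
    if not in_system or e.company:
        return None
    if ext in EXEC_EXTS:
        return "executable with no company string in a system location"
    if not ext and "H" in e.attrs:
        return "hidden extension-less file in a system location"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, item) pairs worth a human look, in log order."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O33 - ") and "\\Shell\\AutoRun\\command" in line:
            # a per-volume autorun command under MountPoints2 (the U3 launcher here)
            findings.append(("autorun command bound to a mounted volume", line))
        elif line.startswith("O34 - ") and line.endswith("()"):
            # Note: the "(autocheck)" and "(*)" File-not-found lines are just the
            # tokens of the default BootExecute value "autocheck autochk *", so
            # "File not found" alone is NOT a signal here; an empty company is.
            findings.append(("BootExecute entry with no company string", line))
        else:
            entry = parse_file_entry(line)
            if entry is not None:
                reason = is_suspicious_file(entry)
                if reason:
                    findings.append((reason, entry.path))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Run against the sample it reports four items: the LaunchU3 autorun command, the `lsdelete` BootExecute entry, `C:\43214354.bat` and the hidden `wedafini` file, while `NIRCMD.exe` (NirSoft), `rwnh.dll` (Microsoft) and the desktop `.doc` pass. An empty company string is a prompt to check, not a verdict: `lsdelete.exe` was created within a minute of Lavasoft's `Lbd.sys` in the same report and is most plausibly Ad-Aware's boot-time deleter, which is exactly why flagged items go to a file scan (as in the VirSCAN step later in this thread) rather than straight into a fix.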

#18
grohfactor (Member, Topic Starter, 24 posts)
OK, so I just put up the GooredLog and the OTList as well... I believe the question is now in regards to how the computer is performing...

I did some searches, and the Google redirect has stopped... thanks!

In regards to the processing message, I believe that stopped as well. It used to be that if I tried to open a new email, or any function, it would require that I press cancel on the message 4 times... it appears that is no longer the case... THANK YOU HEIR!

#19
heir (Trusted Helper, Malware Removal, 5,427 posts)
So we're making some progress here :)

Let's proceed with a fix and some scans in case something more is lurking in there.

Step 1.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell - "" = AutoRun
    O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "80:TCP"=-
    "7171:TCP"=-
    :Files
    C:\DOCUME~1\Test\APPLIC~1\LimeWire
    C:\Program Files\LimeWire
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\43214354.bat
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this one: C:\WINDOWS\System32\wedafini

Step 3.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans box at the bottom left paste the following in

    C:\2d0c860b4fbab27081df6c9e6435\*.* /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 1.
  • The results from the filescans in step 2.
  • The content of OTListIt.txt in step 3.
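As an added example (not code from this thread, and not part of OldTimer's OTL tool), the Python below reads a fix script in the section syntax used in step 1 and reports what it would touch before anyone runs it: which Windows Firewall exceptions and globally open ports are removed, which process is killed, which folders are moved out, and whether each firewall exception belongs to a program the script also removes. The meaning of each section is an assumption taken from how the tool is used in this thread; the sample input is the step 1 script itself.

```python
"""Dry-run reviewer for an OTL (OTListIt2) fix script. Added example, not code
from this thread or from OldTimer's OTL tool; the meaning of each section
(:OTL/:OTLI, :Reg, :Files, :Commands) is assumed from the tool's usage."""
import re

# Sample input: the step 1 fix script from the helper's post, copied verbatim.
SAMPLE_FIX = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"80:TCP"=-
"7171:TCP"=-
:Files
C:\DOCUME~1\Test\APPLIC~1\LimeWire
C:\Program Files\LimeWire
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
FIREWALL = r"\SharedAccess\Parameters\FirewallPolicy"


class FixPlan:
    """What a fix script would touch, grouped by section."""
    def __init__(self):
        self.log_lines, self.files, self.commands = [], [], []  # :OTL(I), :Files, :Commands
        self.reg_key_deletes, self.reg_deletes, self.reg_sets = [], [], []  # [-KEY], name=-, name=data


def _split_reg_value(line):
    """(name, data) from a .reg-style value line; a quoted name may itself contain '='."""
    if line.startswith('"'):
        name, _, rest = line[1:].partition('"')
        if not rest.lstrip().startswith("="):
            raise ValueError(f"bad :Reg value line: {line!r}")
        return name, rest.lstrip()[1:].strip()
    name, _, data = line.partition("=")
    return name.strip(), data.strip()


def parse_fix(text):
    """Parse a fix script into a FixPlan; any line outside a known section is an error."""
    plan, section, key = FixPlan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        bracketed = line.startswith("[") and line.endswith("]")
        if m:
            section, key = m.group(1).lower(), None
        elif section in ("otl", "otli"):
            plan.log_lines.append(line)
        elif section == "reg" and bracketed:
            key = line[1:-1]
            if key.startswith("-"):  # [-KEY] deletes the whole key
                plan.reg_key_deletes.append(key[1:])
                key = None
        elif section == "reg" and key is not None and "=" in line:
            name, data = _split_reg_value(line)
            if data == "-":  # name=- deletes that value
                plan.reg_deletes.append((key, name))
            else:
                plan.reg_sets.append((key, name, data))
        elif section == "files":
            plan.files.append(line)
        elif section == "commands" and bracketed:
            plan.commands.append(line[1:-1].lower())
        else:
            raise ValueError(f"unparsed line {line!r} in section {section!r}")
    return plan


def firewall_changes(plan):
    """(distinct program exceptions deleted, global ports closed) under the firewall policy keys."""
    fw = [(k, v) for k, v in plan.reg_deletes if FIREWALL in k]
    apps = sorted({v for k, v in fw if k.endswith(r"\AuthorizedApplications\List")})
    ports = [v for k, v in fw if k.endswith(r"\GloballyOpenPorts\List")]
    return apps, ports


def review(plan):
    """Reviewer notes: wide-impact actions, plus a check that each firewall
    exception removed belongs to a program the :Files section also removes."""
    apps, ports = firewall_changes(plan)
    notes = []
    for app in apps:
        covered = any(app.lower().startswith(p.lower().rstrip("\\") + "\\") for p in plan.files)
        notes.append(f"firewall exception removed for {app}"
                     + ("" if covered else " (program is NOT removed by :Files)"))
    if ports:
        notes.append("firewall ports closed: " + ", ".join(ports))
    notes += ["process killed: " + l[6:].split(" (")[0]
              for l in plan.log_lines if l.startswith("PRC - ")]
    notes += [f"{c} command present" for c in ("emptytemp", "reboot") if c in plan.commands]
    return notes
```

Reading a script this way is a review aid only: nothing is executed, and a line the parser cannot place in a known section raises an error instead of being silently skipped, which is the failure mode you want when a pasted fix has been mangled by a forum editor.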

#20
grohfactor (Member, Topic Starter, 24 posts)
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\ not found.
File D:\LaunchU3.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7171:TCP not found.
========== FILES ==========
C:\DOCUME~1\Test\APPLIC~1\LimeWire\xml\data moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\xml moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\promotion moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\mozilla-profile\updates\0 moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\mozilla-profile\updates moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\mozilla-profile\extensions moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\mozilla-profile\Cache moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\mozilla-profile moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\certificate moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\res\html moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\res\fonts moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\res\entityTables moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\res\dtd moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\res moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\plugins moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\modules moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\greprefs moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\dictionaries moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\pref moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\defaults moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\components moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner\chrome moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser\xulrunner moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\browser moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire\.AppSpecialShare moved successfully.
C:\DOCUME~1\Test\APPLIC~1\LimeWire moved successfully.
C:\Program Files\LimeWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Eric Groh\Local Settings\temp\ExchangePerflog_8484fa31f198b99a2f69e0ae.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB03B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB085.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB0B4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB0F3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_aPLBuNl7OsdsNMd scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_PvqvyEMcNl0h5mD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_tcDWl4iK4a19rbx scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_680.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05122009_104007

Files moved on Reboot...
C:\Documents and Settings\Eric Groh\Local Settings\temp\ExchangePerflog_8484fa31f198b99a2f69e0ae.dat moved successfully.
File C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB03B.tmp not found!
File C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB085.tmp not found!
File C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB0B4.tmp not found!
File C:\Documents and Settings\Eric Groh\Local Settings\temp\~DFB0F3.tmp not found!
File C:\WINDOWS\temp\mcafee_aPLBuNl7OsdsNMd not found!
File C:\WINDOWS\temp\mcafee_PvqvyEMcNl0h5mD not found!
File C:\WINDOWS\temp\mcafee_tcDWl4iK4a19rbx not found!
File C:\WINDOWS\temp\Perflib_Perfdata_680.dat not found!

Registry entries deleted on Reboot...

#21
grohfactor (Member, Topic Starter, 24 posts)
VirSCAN.org Scanned Report :
Scanned time : 2009/05/12 10:44:28 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : 43214354.bat
File Size : 202 byte
File Type : ISO-8859 text
MD5 : d263c401708b8d426f22b3e4762513a6
SHA1 : 508cb80d9433812a076a6be579810f62e4169560
Online report : http://virscan.org/r...a09e5c3b87.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090512023154 2009-05-12 3.23 -
AhnLab V3 2009.05.12.02 2009.05.12 2009-05-12 0.73 -
AntiVir 8.2.0.166 7.1.3.190 2009-05-12 0.15 -
Antiy 2.0.18 20090512.2404501 2009-05-12 0.21 -
Arcavir 2009 200905121026 2009-05-12 0.03 -
Authentium 5.1.1 200905120856 2009-05-12 1.41 -
AVAST! 4.7.4 090511-0 2009-05-11 0.00 -
AVG 8.5.286 270.12.26/2110 2009-05-12 3.27 -
BitDefender 7.81008.2955091 7.25358 2009-05-12 2.75 -
CA (VET) 9.0.0.143 31.6.6500 2009-05-12 2.32 -
ClamAV 0.95 9353 2009-05-12 0.00 -
Comodo 3.8 1157 2009-05-08 0.84 -
CP Secure 1.1.0.715 2009.05.12 2009-05-12 9.07 -
Dr.Web 4.44.0.9170 2009.05.12 2009-05-12 4.58 -
F-Prot 4.4.4.56 20090512 2009-05-12 1.11 -
F-Secure 5.51.6100 2009.05.12.04 2009-05-12 0.06 -
Fortinet 2.81-3.117 10.380 2009-05-12 0.16 -
GData 19.5181/19.327 20090512 2009-05-12 4.11 -
ViRobot 20090511 2009.05.11 2009-05-11 0.54 -
Ikarus T3.1.01.49 2009.05.12.72705 2009-05-12 2.96 -
JiangMin 11.0.706 2009.05.12 2009-05-12 1.94 -
Kaspersky 5.5.10 2009.05.12 2009-05-12 0.03 -
KingSoft 2009.2.5.15 2009.5.12.7 2009-05-12 0.49 -
McAfee 5.3.00 5612 2009-05-11 4.52 -
Microsoft 1.4602 2009.05.12 2009-05-12 4.78 -
mks_vir 2.01 2009.05.12 2009-05-12 2.47 -
Norman 6.01.05 6.01.00 2009-05-12 4.00 -
Panda 9.05.01 2009.05.11 2009-05-11 1.71 -
Trend Micro 8.700-1004 6.124.03 2009-05-12 0.02 -
Quick Heal 10.00 2009.05.12 2009-05-12 1.18 -
Rising 20.0 21.29.14.00 2009-05-12 0.39 -
Sophos 2.86.0 4.41 2009-05-12 2.41 -
Sunbelt 5129 5129 2009-05-11 0.72 -
Symantec 1.3.0.24 20090511.007 2009-05-11 0.17 -
nProtect 20090512.01 3600246 2009-05-12 6.80 -
The Hacker 6.3.4.1 v00324 2009-05-09 0.58 -
VBA32 3.12.10.4 20090511.1706 2009-05-11 2.22 -
VirusBuster 4.5.11.10 10.105.23/1345928 2009-05-11 1.82 -

#22
grohfactor (Member, Topic Starter, 24 posts)
VirSCAN.org Scanned Report :
Scanned time : 2009/05/12 10:55:11 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : wedafini
File Size : 11168 byte
File Type : data
MD5 : ae654333d27f9eee9a96910bca73f358
SHA1 : f25f804fd063867668155009a5184704437c4395
Online report : http://virscan.org/r...5e232d5aff.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090512023154 2009-05-12 2.15 -
AhnLab V3 2009.05.12.02 2009.05.12 2009-05-12 0.71 -
AntiVir 8.2.0.166 7.1.3.190 2009-05-12 0.19 -
Antiy 2.0.18 20090512.2404501 2009-05-12 0.12 -
Arcavir 2009 200905121026 2009-05-12 0.02 -
Authentium 5.1.1 200905120856 2009-05-12 1.15 -
AVAST! 4.7.4 090511-0 2009-05-11 0.00 -
AVG 8.5.286 270.12.26/2110 2009-05-12 3.38 -
BitDefender 7.81008.2955091 7.25358 2009-05-12 2.81 -
CA (VET) 9.0.0.143 31.6.6500 2009-05-12 7.79 -
ClamAV 0.95 9353 2009-05-12 0.06 -
Comodo 3.8 1157 2009-05-08 0.77 -
CP Secure 1.1.0.715 2009.05.12 2009-05-12 8.87 -
Dr.Web 4.44.0.9170 2009.05.12 2009-05-12 4.55 -
F-Prot 4.4.4.56 20090512 2009-05-12 1.12 -
F-Secure 5.51.6100 2009.05.12.04 2009-05-12 5.38 -
Fortinet 2.81-3.117 10.380 2009-05-12 0.16 -
GData 19.5181/19.327 20090512 2009-05-12 4.12 -
ViRobot 20090511 2009.05.11 2009-05-11 0.41 -
Ikarus T3.1.01.49 2009.05.12.72705 2009-05-12 2.92 -
JiangMin 11.0.706 2009.05.12 2009-05-12 1.92 -
Kaspersky 5.5.10 2009.05.12 2009-05-12 0.02 -
KingSoft 2009.2.5.15 2009.5.12.7 2009-05-12 0.47 -
McAfee 5.3.00 5612 2009-05-11 2.83 -
Microsoft 1.4602 2009.05.12 2009-05-12 4.55 -
mks_vir 2.01 2009.05.12 2009-05-12 2.53 -
Norman 6.01.05 6.01.00 2009-05-12 4.00 -
Panda 9.05.01 2009.05.11 2009-05-11 2.06 -
Trend Micro 8.700-1004 6.124.03 2009-05-12 0.02 -
Quick Heal 10.00 2009.05.12 2009-05-12 1.18 -
Rising 20.0 21.29.14.00 2009-05-12 0.37 -
Sophos 2.86.0 4.41 2009-05-12 2.29 -
Sunbelt 5129 5129 2009-05-11 0.71 -
Symantec 1.3.0.24 20090511.007 2009-05-11 0.26 -
nProtect 20090512.01 3600246 2009-05-12 4.99 -
The Hacker 6.3.4.1 v00324 2009-05-09 0.57 -
VBA32 3.12.10.4 20090511.1706 2009-05-11 1.86 -
VirusBuster 4.5.11.10 10.105.23/1345928 2009-05-11 1.67 -

#23
grohfactor (Member, Topic Starter, 24 posts)
OTListIt logfile created on: 5/12/2009 11:05:23 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Eric Groh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 525.44 Mb Available Physical Memory | 51.39% Memory free
2.31 Gb Paging File | 1.87 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 202.20 Gb Free Space | 90.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.51 Gb Total Space | 1.12 Gb Free Space | 13.18% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive S: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS

Computer Name: DWS10
Current User Name: Eric Groh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SAService.exe ()
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EngineServer [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfee HackerWatch Service [Auto | Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (McShield [On_Demand | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (myAgtSvc [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SiteAdvisor Service [Auto | Running]) -- C:\Program Files\SiteAdvisor\6173\SAService.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CXFALCON [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipr12.dll (Hewlett-Packard)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MfeAVFK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (MfeBOPK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeRKDK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RimUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - (WN5301 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wn5301.sys (Liteon Technology Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {034362E6-EEA5-4B10-8857-4886664B841A}:1.0
FF - prefs.js..extensions.enabledItems: {08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}:1.0
FF - prefs.js..extensions.enabledItems: {08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}:1.0
FF - prefs.js..extensions.enabledItems: {0F1EB8A4-D805-47A5-B60E-37342568AB75}:1.0
FF - prefs.js..extensions.enabledItems: {26104708-C5A8-4587-8144-635B1B93FD5E}:1.0
FF - prefs.js..extensions.enabledItems: {2FB53317-D20C-4D9D-AD03-4438D1956255}:1.0
FF - prefs.js..extensions.enabledItems: {3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}:1.0
FF - prefs.js..extensions.enabledItems: {42E391D9-967D-4C04-8B27-2E3899927FC7}:1.0
FF - prefs.js..extensions.enabledItems: {44046F12-1F85-4059-A0A2-E12128AB279E}:1.0
FF - prefs.js..extensions.enabledItems: {45715A67-430E-4B58-B964-10378E65514C}:1.0
FF - prefs.js..extensions.enabledItems: {50864C6A-1F3F-4F42-92C7-C0AF3D311043}:1.0
FF - prefs.js..extensions.enabledItems: {5F71B4A0-6F3B-4AFA-80B6-484773E3F098}:1.0
FF - prefs.js..extensions.enabledItems: {6736B158-AFFE-4A8B-B913-4065C8F4CAEC}:1.0
FF - prefs.js..extensions.enabledItems: {6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}:1.0
FF - prefs.js..extensions.enabledItems: {70550096-CF19-48E8-BC30-AA7CBCF7E64A}:1.0
FF - prefs.js..extensions.enabledItems: {744DD12F-67CB-4384-A9E7-79206468B059}:1.0
FF - prefs.js..extensions.enabledItems: {82C30042-C896-4135-931C-EBDD5AAB088C}:1.0
FF - prefs.js..extensions.enabledItems: {82CE0DED-CB76-4EA1-999C-25B154B99A61}:1.0
FF - prefs.js..extensions.enabledItems: {882E420B-D109-4A78-BFA2-7866A5C081E0}:1.0
FF - prefs.js..extensions.enabledItems: {915E2611-A008-435B-8E57-6016A4B0C0E7}:1.0
FF - prefs.js..extensions.enabledItems: {9EA5B66B-6C5B-4C2C-880C-82413B955665}:1.0
FF - prefs.js..extensions.enabledItems: {A4BB4448-E5D1-4485-AC20-533A7F1E968B}:1.0
FF - prefs.js..extensions.enabledItems: {A65EE25D-1002-4291-848E-847347D93E59}:1.0
FF - prefs.js..extensions.enabledItems: {B03E079F-D2B0-4724-87FF-627C9BF7C37A}:1.0
FF - prefs.js..extensions.enabledItems: {C361E529-A1A8-42A3-9EBA-142511492E72}:1.0
FF - prefs.js..extensions.enabledItems: {C851BF49-FEB5-45E3-9454-D6419C762F67}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {DF42EBB0-E778-4F92-A4E0-7159110D91D0}:1.0
FF - prefs.js..extensions.enabledItems: {E05F25AF-CE56-4A04-BD4A-D05502CE5093}:1.0
FF - prefs.js..extensions.enabledItems: {E3ACF27A-D819-4777-A24E-938D2956370E}:1.0
FF - prefs.js..extensions.enabledItems: {F09143A3-444A-4FC3-AD06-EE550C3E66D6}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/05 14:47:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/22 13:09:23 | 00,000,000 | ---D | M]

[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Firefox\Profiles\kv8wctwf.default\extensions
[2009/05/11 17:09:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/26 15:14:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2009/01/22 13:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/07 11:13:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233004662750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetingplace...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.752.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/23 12:18:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/12 10:40:07 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/11 17:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Comp Issue
[2009/05/11 17:22:57 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$ncy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:15:44 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe
[2009/05/11 17:02:33 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Nancy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:02:20 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\M_Taubman_Resume[1][1].doc
[2009/05/11 16:28:52 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/05/11 16:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\temp
[2009/05/11 15:56:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/11 15:56:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/11 15:56:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/11 15:56:21 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/11 15:56:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/11 15:56:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/11 15:56:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/11 15:56:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/11 15:56:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/11 15:42:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/11 15:18:29 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 15:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/05/11 15:06:31 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/11 15:05:09 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\VDellOrco Resume[1][1].doc
[2009/05/11 15:04:52 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Moreland[1].doc
[2009/05/11 13:23:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/11 10:42:28 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/08 13:10:48 | 00,000,869 | ---- | C] () -- C:\win_betaengdat
[2009/05/08 13:06:45 | 00,000,000 | ---D | C] -- C:\scan
[2009/05/08 12:34:21 | 03,623,736 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Eric Groh\Desktop\procexp.exe
[2009/05/07 15:48:55 | 00,016,435 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:11 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 15:01:29 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 13:36:43 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 13:34:57 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:31:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/07 12:53:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/07 12:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\WinRAR
[2009/05/07 12:25:16 | 00,013,779 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:36 | 00,016,452 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/07 11:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Sun
[2009/05/07 11:04:58 | 00,000,202 | ---- | C] () -- C:\43214354.bat
[2009/05/06 17:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/06 17:48:17 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/06 16:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Malwarebytes
[2009/05/06 16:23:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/06 16:23:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Apps
[2009/05/06 16:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Windows Search
[2009/05/06 07:57:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/06 06:36:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/05 17:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\AdobeUM
[2009/05/05 14:53:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/05 14:52:02 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 13:37:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/05 13:37:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/05 13:36:53 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/05 13:36:53 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/05 13:36:53 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/05 13:36:51 | 00,000,000 | ---D | C] -- C:\2d0c860b4fbab27081df6c9e6435
[2009/05/05 13:30:15 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 13:30:15 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 13:30:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 13:30:15 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 13:30:15 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 13:30:14 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 13:30:14 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 13:30:14 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 13:30:14 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 13:30:13 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/05 13:30:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/05 13:30:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/05 13:29:49 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 13:29:49 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 13:29:49 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 13:21:14 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/05 13:20:34 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/05 13:20:23 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/05 13:20:19 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/05 13:20:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/05/05 13:19:54 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/05 11:59:28 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/05 11:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/05/05 11:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\U3
[2009/05/05 11:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Great American
[2009/05/05 11:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\desktop resumes
[2009/05/05 11:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/05 10:56:24 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/05/05 10:56:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/05/05 10:56:24 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/05/05 10:56:16 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/05/05 10:56:12 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/05/05 10:56:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/05/05 10:56:11 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/05/05 10:56:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/05/05 10:56:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/05/05 10:56:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/05/05 10:56:11 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/05/05 10:56:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/05/05 10:56:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/05/05 10:56:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/05/05 10:56:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/05/05 10:56:10 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/05/05 10:56:10 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/05/05 10:56:10 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/05/05 10:56:10 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/05/05 10:56:10 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/05/05 10:56:10 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/05/05 10:56:10 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/05/05 10:56:10 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/05/05 10:56:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/05/05 10:56:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/05/05 10:56:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/05/05 10:56:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/05/05 10:56:08 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/05/05 10:56:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/05/05 10:56:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/05/05 10:56:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/05/05 10:56:07 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/05/05 10:56:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/05/05 10:56:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/05/05 10:56:06 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/05/05 10:56:06 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/05/05 10:56:06 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/05/05 10:56:05 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/05/05 10:56:05 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/05/05 10:56:05 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/05/05 10:56:05 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/05/05 10:56:05 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/05/05 10:56:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/05/05 10:56:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/05/05 10:56:02 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/05/05 10:56:02 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/05/05 10:56:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/05/05 10:55:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/05 10:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/05 10:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/05 10:51:10 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/05/05 10:51:10 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/05/05 10:51:10 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/05/05 10:51:09 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/05/05 10:51:09 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/05/05 10:51:09 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/05/05 10:51:09 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/05/05 10:51:09 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/05/05 10:51:09 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/05/05 10:51:08 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/05/05 10:51:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/05/05 10:51:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/05/05 10:51:06 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/05/05 10:51:06 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/05/05 10:51:06 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/05/05 10:51:06 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/05/05 10:51:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/05/05 10:51:05 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/05/05 10:51:05 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/05/05 10:51:05 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/05/05 10:51:05 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/05/05 10:51:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/05/05 10:51:05 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/05/05 10:46:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 15:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Macromedia
[2009/05/04 15:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Mozilla
[2009/05/04 14:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Research In Motion
[2009/05/04 14:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Adobe
[2009/05/04 14:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\SiteAdvisor
[2009/05/04 14:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Identities
[2009/05/04 14:57:21 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Application Data\desktop.ini
[2009/05/04 14:57:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Eric Groh\Application Data\Microsoft
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\History
[2009/05/04 14:57:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Application Data
[2009/05/04 14:44:24 | 00,000,000 | ---D | C] -- C:\Desktop Docs
[2009/04/29 17:35:43 | 00,000,000 | ---D | C] -- C:\sdat scan
[2008/06/17 14:47:18 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/17 14:47:17 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/17 14:47:17 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/17 14:47:16 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/17 14:47:12 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/17 14:46:54 | 00,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/06/17 13:41:13 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/06/16 18:31:19 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX3000.ini
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/21 14:23:25 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/23 15:51:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/09 14:46:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2006/01/30 11:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
[2001/08/23 08:00:00 | 00,000,740 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/12 10:54:39 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/05/12 10:45:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/12 10:43:16 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/12 10:42:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/12 10:42:47 | 00,009,979 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/12 10:42:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/12 10:42:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/12 10:42:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 17:22:57 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$ncy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:15:52 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Groh\Desktop\OTListIt2.exe
[2009/05/11 17:02:34 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Nancy Wildermuth Online Closer resume[1].doc
[2009/05/11 17:02:20 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\M_Taubman_Resume[1][1].doc
[2009/05/11 16:20:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/11 16:18:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/11 15:18:29 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 15:05:09 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\VDellOrco Resume[1][1].doc
[2009/05/11 15:04:52 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Moreland[1].doc
[2009/05/11 13:35:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 10:42:28 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/08 15:54:01 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/08 13:11:21 | 00,000,869 | ---- | M] () -- C:\win_betaengdat
[2009/05/07 15:48:55 | 00,016,435 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:12 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 14:29:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:28:51 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:31:56 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:50:24 | 00,000,080 | -HS- | M] () -- U:\desktop.ini
[2009/05/07 12:41:45 | 00,000,202 | ---- | M] () -- C:\43214354.bat
[2009/05/07 12:25:16 | 00,013,779 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:37 | 00,016,452 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/06 18:19:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 17:48:17 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/05 15:23:02 | 00,555,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 15:23:02 | 00,465,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/05 15:23:02 | 00,079,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 15:18:39 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 14:53:21 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 10:08:53 | 21,454,03904 | ---- | M] () -- C:\Eric's E-mail Backup 012309.pst
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/30 11:03:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wedafini
[2009/04/28 17:31:39 | 00,115,224 | ---- | M] () -- C:\img2-001.raw
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

========== Custom Scans ==========


< C:\2d0c860b4fbab27081df6c9e6435\*.* /s >
[2008/07/06 08:06:10 | 00,147,456 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\amd64\filterpipelineprintproc.dll
[2008/07/06 08:06:57 | 00,010,929 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\amd64\msxpsdrv.cat
[2008/06/19 01:33:47 | 00,002,204 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\amd64\msxpsdrv.inf
[2008/06/19 11:03:48 | 00,000,073 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\amd64\msxpsinc.gpd
[2008/06/19 01:33:47 | 00,000,072 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\amd64\msxpsinc.ppd
[2008/07/06 08:06:10 | 00,748,032 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\amd64\mxdwdrv.dll
[2008/07/06 17:36:12 | 02,936,832 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\amd64\xpssvcs.dll
[2008/07/06 08:06:10 | 00,089,088 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\i386\filterpipelineprintproc.dll
[2008/07/06 08:06:57 | 00,010,929 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\i386\msxpsdrv.cat
[2008/06/19 01:33:47 | 00,002,204 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\i386\msxpsdrv.inf
[2008/06/19 11:03:48 | 00,000,073 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\i386\msxpsinc.gpd
[2008/06/19 01:33:47 | 00,000,072 | ---- | M] () -- C:\2d0c860b4fbab27081df6c9e6435\i386\msxpsinc.ppd
[2008/07/06 08:06:10 | 00,765,440 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\i386\mxdwdrv.dll
[2008/07/06 08:06:10 | 01,676,288 | ---- | M] (Microsoft Corporation) -- C:\2d0c860b4fbab27081df6c9e6435\i386\xpssvcs.dll
< End of report >
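A small triage pass over OTListIt2 file entries like the ones in the log above, added here as an example and not part of this thread or of OTListIt2 itself. It parses the `[date | size | attrs | C/M] (company) -- path` line format and flags the kinds of entries a helper looks at first; the heuristics are my own assumptions, and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTListIt2 file entry:  [date time | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHS]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

@dataclass
class Entry:
    when: datetime   # created (C) or modified (M) timestamp
    size: int        # bytes, commas stripped
    attrs: str       # R/H/S flags as printed by the tool
    kind: str        # "C" or "M"
    company: str     # publisher string, often empty
    path: str

def parse_entry(line):
    """Return an Entry for a file line, or None for headers and summaries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 m["company"], m["path"])

def triage(entry):
    """Heuristic reasons (assumed, not OTListIt2's) an entry deserves a second look."""
    reasons = []
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_windows = low.startswith("c:\\windows\\")
    if name == "hosts":
        reasons.append("hosts file changed; inspect for redirect entries")
    elif in_windows and "." not in name:
        reasons.append("extensionless file in a Windows directory")
    if in_windows and "H" in entry.attrs:
        reasons.append("hidden attribute in a Windows directory")
    if re.fullmatch(r"\d{6,}\.(bat|cmd|exe)", name):
        reasons.append("numeric, random-looking executable name")
    return reasons

def review(log_text):
    """Parse a log section and return {path: reasons} for flagged entries only."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and triage(e):
            flagged[e.path] = triage(e)
    return flagged

# Sample lines copied from the log above (constructed subset for the demo).
SAMPLE_LOG = r"""[2008/06/17 14:47:17 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/11 16:18:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 12:41:45 | 00,000,202 | ---- | M] () -- C:\43214354.bat
[2009/04/30 11:03:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wedafini
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
< End of report >"""

if __name__ == "__main__":
    for path, why in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```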

#24
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I would like you to run two good scanners as a final search for malware on your computer.

Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.


#25
grohfactor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes' Anti-Malware 1.36
Database version: 2117
Windows 5.1.2600 Service Pack 3

5/12/2009 1:40:15 PM
mbam-log-2009-05-12 (13-40-15).txt

Scan type: Quick Scan
Objects scanned: 101309
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#26
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'll be waiting for the Kaspersky report - I know it takes quite a while to finish :)

#27
grohfactor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No kidding! It's been running for 2.5 hours and it's only 50% done! I will let it run overnight and post tomorrow AM.

Thanks Heir!

#28
grohfactor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok, just realized that the Kaspersky scan was scanning the whole computer, including more than just my C: drive; it was also scanning my shared drives... it would have taken forever... having said that, I restarted it and did just my C: drive, which is really only my computer... I will post that shortly... also, while I was waiting, McAfee informed me of the following PUPs:

prcviewer which was a process.exe (it has since been quarantined)
and
generic.dx!cd which was a pp.06[1].exe (that was deleted)

Here is the Kaspersky scan:


KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 12, 2009 19:45:17
Records in database: 2168804
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 58594
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:15:58


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthpipcvqmixtsywodhcpqymxpskkbvmewv.dll.vir Infected: Trojan.Win32.Tdss.aalc 1

The selected area was scanned.

#29
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hey there, grohfactor!

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.

Second:
Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran the OTListIt2 CleanUp.

Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Older versions of Adobe Acrobat Reader are vulnerable to attack.

Please ensure you have the latest version.

If needed please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are, however, a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#30
grohfactor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you Heir for all of your help. I have recommended this site to my office and friends.

YOU'RE THE BEST!