Need Help Removing Adware.lop

  • This topic is locked

BC Canuck

    New Member

  • Member
  • 9 posts
Norton Anti-virus says it wants to re-start my computer to complete the removal of adware.lop. I allowed the re-start and a while later Norton comes back with the same message. The only symptom I've had in the last while was trouble re-booting, where my PC would only get to the point in the process just before Windows is supposed to start up and not be able to go any further. However, the last few times I was able to reboot successfully. I'm not sure what's going on. I'm hoping someone here can help. Thank you.

Here is an OTL log:

OTL Extras logfile created on: 07/11/2010 6:05:48 PM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Denis\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 184.06 Gb Free Space | 61.75% Space Free | Partition Type: NTFS
Drive D: | 819.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DENIS-BAC9D10E6 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========


.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Create_File_Listing_For_Printing] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "e:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" File not found
Directory [Winamp.Enqueue] -- "e:\Program Files\Winamp\winamp.exe" /ADD "%1" File not found
Directory [Winamp.Play] -- "e:\Program Files\Winamp\winamp.exe" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

"Start" = 0

"Start" = 2

========== Firewall Settings ==========





"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Enabled:https

========== Authorized Applications List ==========

"C:\WINDOWS\system32\d3dx10_3532.exe" = C:\WINDOWS\system32\d3dx10_3532.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\ntvdmdwow.exe" = C:\WINDOWS\ntvdmdwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\msportswow.exe" = C:\WINDOWS\msportswow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\WMVSDECDwow.exe" = C:\WINDOWS\WMVSDECDwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\ir50_32wow.exe" = C:\WINDOWS\ir50_32wow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\servdepswow.exe" = C:\WINDOWS\servdepswow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\sqlwidwow.exe" = C:\WINDOWS\sqlwidwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\mtxcluwow.exe" = C:\WINDOWS\mtxcluwow.exe:*:Enabled:Windows Update Service -- File not found

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe" = C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32 -- (Electronic Arts, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Denis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Denis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Denis\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Denis\Application Data\Facebook\facebook.exe: -- ()
"D:\NFS3.EXE" = D:\NFS3.EXE:*:Enabled:Need For Speed III for Win32 -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINDOWS\system32\d3dx10_3532.exe" = C:\WINDOWS\system32\d3dx10_3532.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\ntvdmdwow.exe" = C:\WINDOWS\ntvdmdwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\msportswow.exe" = C:\WINDOWS\msportswow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\WMVSDECDwow.exe" = C:\WINDOWS\WMVSDECDwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\ir50_32wow.exe" = C:\WINDOWS\ir50_32wow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\servdepswow.exe" = C:\WINDOWS\servdepswow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\sqlwidwow.exe" = C:\WINDOWS\sqlwidwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\WINDOWS\mtxcluwow.exe" = C:\WINDOWS\mtxcluwow.exe:*:Enabled:Windows Update Service -- File not found
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}" = Scrapbook Factory Deluxe 3.0
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{41A7AA4A-8AD1-4B76-A0D8-A37C3D989243}" = StudioTax 2004
"{451C11D3-99E2-4E5E-8CB5-7C246431D9F7}" = DVDInfoPro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{7F6ECB74-632B-4222-AF7F-3553D86E4B45}" = StudioTax 2005
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83EC42C0-8F6B-4272-80B8-04792109112C}" = Paymate Platinum Canadian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50885B4-2D9B-4DC7-961D-2661B3A037F0}" = Quicken 2006
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B37588BF-D761-4DC4-8CEF-5CCA1B439DB9}" = Nitro PDF Reader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B87ED12E-A95F-45AC-89E7-02CFD5BD2353}" = StudioTax 2008
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}" = Citrix XenApp Plugin for Hosted Apps
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBFC7A5C-92F0-413E-B77B-2B5B708A50B2}" = StudioTax 2006
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (AKM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9984E39-42C3-4D43-91B2-1DC25E841B7E}" = MSDE Instance AKM
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adagio_Ledger 9" = Adagio_Ledger 9
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Allway Sync_is1" = Allway Sync version 7.1.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CuzYa Free Website Builder v.1.0" = CuzYa Free Website Builder v.1.0
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Driver Updater Pro" = Driver Updater Pro
"FrostWire" = FrostWire 4.21.1
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"Need For Speed III" = Need For Speed III
"Network MagicUninstall" = Network Magic
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Panda ActiveScan" = Panda ActiveScan
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SiS 650" = SiS 650
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Switch" = Switch Sound File Converter
"Taxman 2003_is1" = Taxman 2003 Version 1.1
"Ticker Editor_is1" = Ticker Editor 0.5
"Unlocker" = Unlocker 1.8.8
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2007
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wsAPICOM_is1" = wsAPICOM V1.0.7.3

========== HKEY_CURRENT_USER Uninstall List ==========

"Facebook Plug-In" = Facebook Plug-In
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2010 1:41:02 AM | Computer Name = DENIS-BAC9D10E6 | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version, faulting module patch.exe,
version, fault address 0x000031e7.

Error - 02/11/2010 1:41:59 AM | Computer Name = DENIS-BAC9D10E6 | Source = Application Error | ID = 1000
Description = Faulting application 950B.tmp, version, faulting module 950B.tmp,
version, fault address 0x000030ff.

Error - 03/11/2010 5:14:14 AM | Computer Name = DENIS-BAC9D10E6 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04/11/2010 1:36:12 AM | Computer Name = DENIS-BAC9D10E6 | Source = Application Error | ID = 1000
Description = Faulting application patch.exe, version, faulting module patch.exe,
version, fault address 0x000031e7.

Error - 04/11/2010 11:14:43 AM | Computer Name = DENIS-BAC9D10E6 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 05/11/2010 5:13:44 AM | Computer Name = DENIS-BAC9D10E6 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 07/11/2010 9:12:32 PM | Computer Name = DENIS-BAC9D10E6 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version, hang module hungapp,
version, hang address 0x00000000.

Error - 07/11/2010 9:12:44 PM | Computer Name = DENIS-BAC9D10E6 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version, hang module hungapp,
version, hang address 0x00000000.

Error - 07/11/2010 9:12:47 PM | Computer Name = DENIS-BAC9D10E6 | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

Error - 07/11/2010 9:12:56 PM | Computer Name = DENIS-BAC9D10E6 | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

[ System Events ]
Error - 07/11/2010 3:05:52 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:

Error - 07/11/2010 3:05:52 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:

Error - 07/11/2010 3:05:52 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 07/11/2010 3:06:33 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:

Error - 07/11/2010 3:09:01 PM | Computer Name = DENIS-BAC9D10E6 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 890415e0, parameter2 89016780, parameter3
8878a030, parameter4 00000001.

Error - 07/11/2010 3:35:46 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 07/11/2010 3:35:46 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:

Error - 07/11/2010 3:35:46 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:

Error - 07/11/2010 3:35:46 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 07/11/2010 3:35:53 PM | Computer Name = DENIS-BAC9D10E6 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:

< End of report >




    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could I see the main OTL log please? It should be on your desktop along with the extras you have posted.

BC Canuck

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi there. Sorry, I didn't realize I created two different logs. Here is the main one.

OTL logfile created on: 07/11/2010 6:05:47 PM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Denis\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 184.06 Gb Free Space | 61.75% Space Free | Partition Type: NTFS
Drive D: | 819.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DENIS-BAC9D10E6 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 18:04:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\My Documents\Downloads\OTL.exe
PRC - [2010/11/01 21:40:53 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\SysWin\lsass.exe
PRC - [2010/10/28 11:52:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 11:52:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/29 05:41:31 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 14:37:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/03 21:28:05 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\\ccsvchst.exe
PRC - [2010/02/04 08:15:48 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 08:12:53 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2009/10/14 15:43:06 | 003,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/05/18 19:55:17 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2008/08/11 11:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/06/21 15:04:53 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/21 16:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 10:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe

========== Modules (SafeList) ==========

MOD - [2010/11/07 18:04:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/29 05:41:31 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/07 14:37:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/03 21:28:05 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe -- (NAV)
SRV - [2010/02/04 08:15:48 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/03/07 10:51:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Denis\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
DRV - [2010/10/19 12:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/29 05:41:03 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/28 19:04:37 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101107.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 19:04:37 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101107.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 14:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/10 05:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/26 19:18:57 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 19:18:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/05 20:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/19 10:54:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/02 05:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/29 16:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/20 03:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 03:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 11:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/18 09:04:22 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/06/20 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/03/07 10:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2007/01/10 04:00:00 | 000,244,736 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/01/27 03:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/08/09 22:17:58 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2002/12/01 23:33:08 | 000,250,368 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/11/26 22:46:28 | 000,730,700 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/26 05:40:16 | 000,008,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/10/30 19:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/05/25 14:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/06 10:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: e:\Program Files\Flock\flock\plugins
FF - HKLM\software\mozilla\Flock\Extensions\\Components: e:\Program Files\Flock\flock\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 23:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 11:52:52 | 000,000,000 | ---D | M]

[2010/08/07 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Extensions
[2010/08/07 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Extensions\[email protected]
[2010/11/06 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions
[2010/04/27 15:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 17:40:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/25 22:03:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/01/26 08:36:54 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/25 22:03:46 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/06/10 18:36:25 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/09/11 22:27:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/02/09 12:47:19 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/06/03 08:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/06/25 15:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/10/28 11:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/11/07 11:08:58 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\askcom.xml
[2009/08/10 22:26:43 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\mywebsearch.xml
[2008/01/16 22:25:29 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\siteadvisor.xml
[2010/11/01 12:34:47 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\surf-canyon.xml
[2010/11/06 22:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:54:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/24 09:39:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 04:26:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 21:35:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/08/14 11:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/08/14 11:33:30 | 000,091,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/08/14 11:33:26 | 000,020,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/14 11:35:40 | 000,427,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/01/25 19:12:12 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/08/14 11:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/06/08 08:20:52 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/10/15 10:45:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (20103b33) - {1DF956C1-34FB-76FC-0419-8E416008F1C5} - C:\WINDOWS\system32\audiodev32.dll (Inprise Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDBPL] C:\WINDOWS\lsass.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [RegistryMechanic] c:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Denis\Application Data\SysWin\lsass.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cj.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: inac.gc.ca ([dap-pad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: linkshare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: linksynergy.com ([]https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://wroc.nrcan.gc...sh/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1219447033296 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} http://data6.archive..._cab/MrSIDI.cab (MrSIDI Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.co...LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zon...oF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - E:\Program Files\ic2008pp.dll File not found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Denis\My Documents\My Pictures\Roxio Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Denis\My Documents\My Pictures\Roxio Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/19 09:39:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/23 11:14:11 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/11/07 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/04 11:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\NFS Carbon
[2010/11/04 11:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/02 18:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/11/02 18:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Need for Speed World
[2010/11/01 21:41:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\8E620E002B48B4F2A39CD12171E70A7E
[2010/11/01 21:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/11/01 21:41:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2010/11/01 21:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1649478657
[2010/11/01 21:40:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Denis\Application Data\SysWin
[2010/11/01 07:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\SOFTRAK
[2010/10/30 23:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\FrostWire
[2010/10/30 23:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\FrostWire
[2010/10/30 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/10/30 21:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Nova Development
[2010/10/30 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nova Development
[2010/10/30 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\PictureToTV
[2010/10/30 21:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/10/28 11:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\PSU
[2010/10/28 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AskToolbar
[2010/10/28 11:36:36 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
[2010/10/28 11:36:36 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
[2010/10/28 11:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
[2010/10/28 11:35:29 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.exe
[2010/10/28 11:35:29 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.dll
[2010/10/28 11:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/26 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/26 21:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/26 21:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/25 23:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Scrapbook Factory Install Disk Images
[2010/10/25 14:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Download Manager
[2010/10/16 17:24:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/15 10:27:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/15 10:21:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/15 10:21:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/15 10:21:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/15 10:21:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/15 10:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/15 10:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/15 10:20:26 | 000,000,000 | ---D | C] -- C:\Combo
[2010/10/14 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\BHOK IT Consulting
[2010/10/14 22:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Taxman
[2010/10/14 22:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Taxman
[2010/10/12 09:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2006/12/19 19:29:48 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Denis\My Documents\*.tmp files -> C:\Documents and Settings\Denis\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 17:59:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004UA.job
[2010/11/07 17:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/07 17:25:08 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Hijackthis.lnk
[2010/11/07 16:59:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/07 16:59:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/07 14:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/11/07 11:36:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/11/07 11:35:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 11:30:59 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/07 11:30:59 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/07 11:30:56 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/07 11:30:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/11/07 11:08:04 | 000,501,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 11:08:04 | 000,094,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 11:05:57 | 000,175,033 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/07 09:59:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004Core.job
[2010/11/05 20:04:12 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/05 19:43:51 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\538513434
[2010/11/05 12:09:24 | 000,175,616 | -HS- | M] () -- C:\WINDOWS\lsass.exe
[2010/11/05 01:35:17 | 000,003,565 | ---- | M] () -- C:\WINDOWS\System32\GnuHashes.ini
[2010/11/04 11:52:51 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\NFSC.lnk
[2010/11/03 21:36:11 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\iphlpapi32.exe
[2010/11/01 21:42:35 | 000,000,315 | -HS- | M] () -- C:\WINDOWS\System32\3357494
[2010/11/01 21:41:32 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/11/01 21:41:01 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\718109713
[2010/11/01 21:35:56 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Shortcut to FrostWire.exe.lnk
[2010/11/01 11:52:37 | 000,124,615 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Leah M - ROE.pdf
[2010/11/01 11:11:00 | 000,001,113 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Nov 1-10.BLK
[2010/10/30 23:33:44 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/10/29 15:18:10 | 000,006,549 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APWININI.KAT
[2010/10/29 15:16:58 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLOB.KAT
[2010/10/29 10:23:50 | 000,035,584 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'R.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'2.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'1.KAT
[2010/10/29 10:23:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLROPT'I.KAT
[2010/10/29 10:23:16 | 002,548,032 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'R.KAT
[2010/10/29 10:23:16 | 000,239,616 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'1.KAT
[2010/10/29 10:23:16 | 000,195,328 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'R.KAT
[2010/10/29 10:23:16 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'1.KAT
[2010/10/29 10:23:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APALBTCH.KAT
[2010/10/29 10:23:02 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLGLOB.KAT
[2010/10/29 10:22:34 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLWININI.KAT
[2010/10/29 10:21:26 | 001,227,776 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCRED'I.KAT
[2010/10/29 10:21:26 | 000,778,752 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCREC'I.KAT
[2010/10/29 10:21:26 | 000,072,142 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'R.KAT
[2010/10/29 10:21:26 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'1.KAT
[2010/10/29 10:21:26 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'2.KAT
[2010/10/29 10:21:26 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBNKE'R.KAT
[2010/10/29 10:21:26 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBANK'D.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459I.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459D.KAT
[2010/10/29 10:21:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459H.KAT
[2010/10/29 10:21:18 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APWOPT.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458I.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458D.KAT
[2010/10/29 10:20:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458H.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457I.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457D.KAT
[2010/10/29 10:20:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457H.KAT
[2010/10/29 10:19:22 | 006,458,812 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCREC'R.KAT
[2010/10/29 10:19:22 | 004,061,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCRED'R.KAT
[2010/10/29 10:19:18 | 003,697,800 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCAUD.KAT
[2010/10/29 10:19:16 | 009,845,760 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'R.KAT
[2010/10/29 10:19:16 | 006,623,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'R.KAT
[2010/10/29 10:19:16 | 004,118,016 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'I.KAT
[2010/10/29 10:19:16 | 002,764,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'R.KAT
[2010/10/29 10:19:16 | 002,034,176 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'2.KAT
[2010/10/29 10:19:16 | 001,467,904 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'1.KAT
[2010/10/29 10:19:16 | 001,334,784 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'R.KAT
[2010/10/29 10:19:16 | 001,068,972 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'R.KAT
[2010/10/29 10:19:16 | 000,955,904 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'2.KAT
[2010/10/29 10:19:16 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'1.KAT
[2010/10/29 10:19:16 | 000,240,435 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APPOSTMC.KAT
[2010/10/29 10:19:04 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMANCHQ.KAT
[2010/10/29 10:17:12 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APPOSTME.KAT
[2010/10/28 14:45:55 | 000,734,916 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.pdf
[2010/10/28 14:41:01 | 000,983,552 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.doc
[2010/10/27 14:52:56 | 000,014,528 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APALRT'R.KAT
[2010/10/26 22:51:59 | 000,059,236 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/25 15:00:29 | 011,393,536 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\XenAppHosted.msi
[2010/10/25 10:38:32 | 002,177,152 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'R.KAT
[2010/10/25 10:38:32 | 000,878,336 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'R.KAT
[2010/10/25 10:38:32 | 000,723,072 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'R.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'4.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'1.KAT
[2010/10/25 10:38:32 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'2.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'5.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'3.KAT
[2010/10/25 10:38:32 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'1.KAT
[2010/10/25 10:38:32 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'2.KAT
[2010/10/25 10:38:32 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'3.KAT
[2010/10/25 10:38:32 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'1.KAT
[2010/10/25 10:38:32 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'4.KAT
[2010/10/25 10:38:32 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'2.KAT
[2010/10/25 10:38:30 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATA.KAT
[2010/10/25 10:38:30 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI2.KAT
[2010/10/25 10:38:30 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI.KAT
[2010/10/25 10:37:14 | 000,017,664 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDEPT'R.KAT
[2010/10/22 14:43:40 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\ADSPROF.KAT
[2010/10/22 08:56:00 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'4.KAT
[2010/10/22 08:56:00 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'5.KAT
[2010/10/22 08:56:00 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'2.KAT
[2010/10/22 08:56:00 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'3.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'1.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'I.KAT
[2010/10/20 20:24:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP
[2010/10/20 12:33:32 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\JFResume2.doc
[2010/10/19 10:21:19 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\JohnFlorence.doc
[2010/10/15 18:40:53 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/10/15 10:45:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/15 10:45:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/15 10:27:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/15 02:05:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 22:53:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Denis.acl
[2010/10/11 22:37:00 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Denis\My Documents\*.tmp files -> C:\Documents and Settings\Denis\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 17:25:08 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Hijackthis.lnk
[2010/11/07 11:30:59 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/07 11:30:56 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/07 11:30:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/07 11:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/11/04 11:52:51 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\NFSC.lnk
[2010/11/03 21:36:11 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\iphlpapi32.exe
[2010/11/01 21:49:45 | 000,003,565 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2010/11/01 21:42:35 | 000,000,315 | -HS- | C] () -- C:\WINDOWS\System32\3357494
[2010/11/01 21:42:34 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\538513434
[2010/11/01 21:42:00 | 000,175,616 | -HS- | C] () -- C:\WINDOWS\lsass.exe
[2010/11/01 21:41:32 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/11/01 21:40:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\718109713
[2010/11/01 21:35:56 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Shortcut to FrostWire.exe.lnk
[2010/11/01 11:52:33 | 000,124,615 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Leah M - ROE.pdf
[2010/11/01 11:11:00 | 000,001,113 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Nov 1-10.BLK
[2010/10/30 23:33:44 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/10/29 15:18:10 | 000,006,549 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APWININI.KAT
[2010/10/29 15:16:58 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLOB.KAT
[2010/10/29 10:23:50 | 000,035,584 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'R.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'2.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'1.KAT
[2010/10/29 10:23:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLROPT'I.KAT
[2010/10/29 10:23:16 | 002,548,032 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'R.KAT
[2010/10/29 10:23:16 | 000,239,616 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'1.KAT
[2010/10/29 10:23:16 | 000,195,328 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'R.KAT
[2010/10/29 10:23:16 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'1.KAT
[2010/10/29 10:23:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APALBTCH.KAT
[2010/10/29 10:23:02 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLGLOB.KAT
[2010/10/29 10:22:34 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLWININI.KAT
[2010/10/29 10:21:26 | 001,227,776 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCRED'I.KAT
[2010/10/29 10:21:26 | 000,778,752 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCREC'I.KAT
[2010/10/29 10:21:26 | 000,072,142 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'R.KAT
[2010/10/29 10:21:26 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'1.KAT
[2010/10/29 10:21:26 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'2.KAT
[2010/10/29 10:21:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBNKE'R.KAT
[2010/10/29 10:21:26 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBANK'D.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459I.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459D.KAT
[2010/10/29 10:21:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459H.KAT
[2010/10/29 10:21:18 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APWOPT.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458I.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458D.KAT
[2010/10/29 10:20:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458H.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457I.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457D.KAT
[2010/10/29 10:20:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457H.KAT
[2010/10/29 10:19:22 | 006,458,812 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCREC'R.KAT
[2010/10/29 10:19:22 | 004,061,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCRED'R.KAT
[2010/10/29 10:19:18 | 003,697,800 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCAUD.KAT
[2010/10/29 10:19:16 | 009,845,760 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'R.KAT
[2010/10/29 10:19:16 | 006,623,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'R.KAT
[2010/10/29 10:19:16 | 004,118,016 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'I.KAT
[2010/10/29 10:19:16 | 002,764,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'R.KAT
[2010/10/29 10:19:16 | 002,034,176 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'2.KAT
[2010/10/29 10:19:16 | 001,467,904 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'1.KAT
[2010/10/29 10:19:16 | 001,334,784 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'R.KAT
[2010/10/29 10:19:16 | 001,068,972 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'R.KAT
[2010/10/29 10:19:16 | 000,955,904 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'2.KAT
[2010/10/29 10:19:16 | 000,950,272 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'1.KAT
[2010/10/29 10:19:16 | 000,240,435 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APPOSTMC.KAT
[2010/10/29 10:19:04 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMANCHQ.KAT
[2010/10/29 10:17:12 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APPOSTME.KAT
[2010/10/28 14:45:49 | 000,734,916 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.pdf
[2010/10/28 14:41:01 | 000,983,552 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.doc
[2010/10/28 11:36:38 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/10/28 11:35:52 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico
[2010/10/28 11:35:28 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2010/10/28 11:35:28 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.smt
[2010/10/27 14:52:56 | 000,014,528 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APALRT'R.KAT
[2010/10/26 22:51:59 | 000,059,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/25 14:59:17 | 011,393,536 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\XenAppHosted.msi
[2010/10/25 10:38:32 | 002,177,152 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'R.KAT
[2010/10/25 10:38:32 | 000,878,336 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'R.KAT
[2010/10/25 10:38:32 | 000,723,072 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'R.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'4.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'1.KAT
[2010/10/25 10:38:32 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'2.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'5.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'3.KAT
[2010/10/25 10:38:32 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'1.KAT
[2010/10/25 10:38:32 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'2.KAT
[2010/10/25 10:38:32 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'3.KAT
[2010/10/25 10:38:32 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'1.KAT
[2010/10/25 10:38:32 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'4.KAT
[2010/10/25 10:38:32 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'2.KAT
[2010/10/25 10:38:30 | 000,585,728 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATA.KAT
[2010/10/25 10:38:30 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI2.KAT
[2010/10/25 10:38:30 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI.KAT
[2010/10/25 10:37:14 | 000,017,664 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDEPT'R.KAT
[2010/10/22 14:43:40 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\ADSPROF.KAT
[2010/10/22 08:56:00 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'4.KAT
[2010/10/22 08:56:00 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'5.KAT
[2010/10/22 08:56:00 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'2.KAT
[2010/10/22 08:56:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'3.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'1.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'I.KAT
[2010/10/20 20:24:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP
[2010/10/20 12:31:34 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\JFResume2.doc
[2010/10/19 10:11:18 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\JohnFlorence.doc
[2010/10/15 10:45:38 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/15 10:27:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/15 10:27:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/15 10:21:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/15 10:21:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/15 10:21:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/15 10:21:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/15 10:21:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/14 22:53:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Denis.acl
[2010/10/01 20:43:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/05 17:52:28 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/09/05 17:52:28 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/09/05 14:45:07 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\keyfile3.drm
[2010/08/19 22:46:50 | 000,315,692 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\rx_image.Cache
[2010/05/05 11:14:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/07 22:14:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/19 10:19:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010/01/19 10:17:37 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2010/01/19 10:17:33 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2010/01/19 10:17:33 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2010/01/19 10:17:33 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2010/01/19 10:04:10 | 000,026,626 | ---- | C] () -- C:\WINDOWS\System32\tapiinh.dll
[2010/01/19 10:04:10 | 000,025,603 | ---- | C] () -- C:\WINDOWS\System32\un2ibdb.dll
[2010/01/19 10:03:25 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/01/19 09:57:25 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2009/07/30 17:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/29 23:11:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\fusioncache.dat
[2009/01/03 15:33:53 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2008/11/17 20:42:34 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/01/20 12:20:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/01/17 23:50:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/11/03 20:44:51 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\mediashare.xml
[2007/10/26 20:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/29 20:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/29 20:19:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/04/29 20:18:53 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/29 20:17:55 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/04/29 20:16:58 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/04/29 20:07:39 | 000,076,164 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/04/13 22:02:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 11:53:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2007/04/05 14:56:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/04/01 19:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/29 19:30:43 | 000,000,292 | ---- | C] () -- C:\WINDOWS\spell.ini
[2007/01/26 17:54:29 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\bvapi.dll
[2007/01/06 21:06:59 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameH.txt
[2007/01/05 01:12:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/12/28 11:03:13 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2006/12/20 09:08:49 | 000,000,510 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/12/01 21:55:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/12/01 20:13:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/12/01 20:11:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ais.ini
[2006/12/01 20:00:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/12/01 19:59:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/01 19:24:14 | 000,000,162 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
[2006/11/30 17:41:25 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/30 17:41:22 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\knsxhel.dll
[2006/11/30 17:41:22 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\ckstdit.dll
[2006/11/30 17:41:22 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\unbdp32.dll
[2006/11/30 17:41:22 | 000,020,482 | ---- | C] () -- C:\WINDOWS\System32\2isttas.dll
[2006/11/30 16:58:57 | 000,032,740 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2006/11/30 16:58:57 | 000,015,029 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2006/11/30 16:58:57 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2006/11/30 16:58:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2006/11/30 16:52:40 | 000,140,800 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 16:48:48 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2006/11/30 05:51:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/11 20:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/02 14:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/02/09 13:46:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/24 21:21:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/05/04 10:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/19 20:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/19 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeInBackup
[2007/04/10 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/12/22 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/08/03 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/11 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/01/16 21:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/10/29 19:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/05 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/03/26 20:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2010/11/07 17:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/29 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VPWLicenseFileFoler
[2007/11/01 22:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/26 21:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/03 11:03:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}
[2010/01/28 08:11:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/10/28 11:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\AskToolbar
[2007/11/22 19:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Backup MyPC Deluxe
[2010/10/29 08:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Canon
[2010/09/05 17:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Downloaded Installations
[2006/12/18 23:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\EPSON
[2010/10/18 10:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Facebook
[2007/09/18 18:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Flock
[2010/11/04 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\FrostWire
[2007/04/20 18:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Good Keywords v2
[2008/01/20 00:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Grisoft
[2010/01/02 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\ICAClient
[2010/10/28 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\KeePass
[2006/12/01 19:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Leadertech
[2010/10/30 23:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\LimeWire
[2009/08/03 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\NCH Swift Sound
[2007/04/29 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\NewSoft
[2010/11/01 11:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Nitro PDF
[2006/12/01 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Opera
[2006/12/01 11:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Outlook
[2010/11/01 11:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\PrimoPDF
[2007/04/24 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Registry Booster
[2009/11/26 18:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Registry Mechanic
[2009/05/18 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SanDisk
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\ScanSoft
[2010/11/01 11:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SolidDocuments
[2007/11/02 17:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SystemRequirementsLab
[2010/11/01 21:40:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Denis\Application Data\SysWin
[2007/11/07 20:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\URSoft
[2010/05/03 15:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Windows Desktop Search
[2010/05/03 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Windows Search
[2008/01/21 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\WinPatrol
[2010/11/07 11:36:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/11/07 14:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/11/07 11:36:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/07 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow4.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow3.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow3.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow2.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow1.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow0.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow0.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Sep 15.rcl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\MailAttachment1.jpeg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\MailAttachment.jpeg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\M635DBIL-ENG.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Honnah's Parchel.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Dee Savino.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\2805018250102179175S500x500Q85.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\1979 honda.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\Desktop\OTHER ICONS:Roxio EMC Stream
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D240B1B9

< End of report >



    GeekU Moderator

OK, let's start clearing them away

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    PRC - [2010/11/01 21:40:53 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\SysWin\lsass.exe
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...r={searchTerms}
    [2009/08/10 22:26:43 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\mywebsearch.xml
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [RTHDBPL] C:\WINDOWS\lsass.exe ()
    O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2010/11/01 21:41:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
    [2010/11/01 21:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1649478657
    [2010/11/01 21:40:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Denis\Application Data\SysWin
    [2010/11/07 11:30:59 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/11/07 11:30:59 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/11/07 11:30:56 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/11/07 11:30:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/11/05 19:43:51 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\538513434
    [2010/11/05 12:09:24 | 000,175,616 | -HS- | M] () -- C:\WINDOWS\lsass.exe
    [2010/11/03 21:36:11 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\iphlpapi32.exe
    [2010/11/01 21:42:35 | 000,000,315 | -HS- | M] () -- C:\WINDOWS\System32\3357494
    [2010/11/01 21:41:32 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
    [2010/11/01 21:41:01 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\718109713
    [2010/11/03 21:36:11 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\iphlpapi32.exe
    [2010/11/01 21:49:45 | 000,003,565 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
    [2010/11/01 21:42:35 | 000,000,315 | -HS- | C] () -- C:\WINDOWS\System32\3357494
    [2010/11/01 21:42:34 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\538513434
    [2010/11/01 21:42:00 | 000,175,616 | -HS- | C] () -- C:\WINDOWS\lsass.exe
    [2010/11/01 21:41:32 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2010/11/01 21:40:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\718109713
    [2010/10/28 11:36:38 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2010/11/01 21:40:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Denis\Application Data\SysWin

    ipconfig /flushdns /c


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Delete your current copy of ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

BC Canuck

I'm not sure if any of these observations are of any consequence but, after I entered the fix you prepared and clicked the Run Fix button a message box appeared that said: "The system is shutting down. Please save all work in progress. The system will shut down in 45 seconds. The system shutdown is initiated by NT Authority\System." As it turned out the Fix had enough time to finish just as the system shut down. The message asking if it was ok to restart appeared just as the time ran out on the initial message and the system shut down on its own. Also, upon attempting to reboot, the bootup process stopped just at the point before starting Windows and would go no further. It finally booted successfully after I made 3 or 4 attempts at booting by hitting the start button and starting the process over again. I wonder if this recurring problem of booting into Windows has anything to do with the malware problem I'm having.

Here is the OTL log after the Quick Scan:

OTL logfile created on: 08/11/2010 12:23:10 PM - Run 2
OTL by OldTimer - Version Folder = C:\Documents and Settings\Denis\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 184.34 Gb Free Space | 61.84% Space Free | Partition Type: NTFS

Computer Name: DENIS-BAC9D10E6 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 18:04:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\My Documents\Downloads\OTL.exe
PRC - [2010/10/28 11:52:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/29 05:41:31 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 14:37:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/03 21:28:05 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\\ccsvchst.exe
PRC - [2010/02/04 08:15:48 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 08:12:53 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2009/10/14 15:43:06 | 003,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/05/18 19:55:17 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2008/08/11 11:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/08/07 21:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/06/21 15:04:53 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/21 16:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 10:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe

========== Modules (SafeList) ==========

MOD - [2010/11/07 18:04:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/29 05:41:31 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/07 14:37:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/03 21:28:05 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe -- (NAV)
SRV - [2010/02/04 08:15:48 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/03/07 10:51:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Denis\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
DRV - [2010/10/19 12:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/29 05:41:03 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/28 19:04:37 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101108.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 19:04:37 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101108.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 14:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/10 05:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/26 19:18:57 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 19:18:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/05 20:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/19 10:54:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/02 05:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/29 16:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/20 03:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 03:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 11:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/18 09:04:22 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/06/20 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/06/05 10:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/03/07 10:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2007/01/10 04:00:00 | 000,244,736 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/01/27 03:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/08/09 22:17:58 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2002/12/01 23:33:08 | 000,250,368 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/11/26 22:46:28 | 000,730,700 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/11/26 05:40:16 | 000,008,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/10/30 19:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/05/25 14:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/06 10:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: e:\Program Files\Flock\flock\plugins
FF - HKLM\software\mozilla\Flock\Extensions\\Components: e:\Program Files\Flock\flock\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 23:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 11:52:52 | 000,000,000 | ---D | M]

[2010/08/07 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Extensions
[2010/08/07 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Extensions\[email protected]
[2010/11/07 22:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions
[2010/04/27 15:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 17:40:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/25 22:03:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/01/26 08:36:54 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/25 22:03:46 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/06/10 18:36:25 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/09/11 22:27:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/02/09 12:47:19 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/06/03 08:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/06/25 15:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/10/28 11:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]
[2010/11/08 12:22:29 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\askcom.xml
[2008/01/16 22:25:29 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\siteadvisor.xml
[2010/11/01 12:34:47 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\searchplugins\surf-canyon.xml
[2010/11/07 22:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:54:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/24 09:39:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 04:26:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 21:35:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/08/14 11:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/08/14 11:33:30 | 000,091,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/08/14 11:33:26 | 000,020,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/14 11:35:40 | 000,427,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/01/25 19:12:12 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/08/14 11:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/06/08 08:20:52 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/11/08 12:00:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (20103b33) - {1DF956C1-34FB-76FC-0419-8E416008F1C5} - C:\WINDOWS\system32\audiodev32.dll (Inprise Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [RegistryMechanic] c:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Denis\Application Data\SysWin\lsass.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cj.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: inac.gc.ca ([dap-pad] https in Trusted sites)
O15 - HKCU\..Trusted Domains: linkshare.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: linksynergy.com ([]https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://wroc.nrcan.gc...sh/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1219447033296 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} http://data6.archive..._cab/MrSIDI.cab (MrSIDI Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.co...LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zon...oF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - E:\Program Files\ic2008pp.dll File not found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Denis\My Documents\My Pictures\Roxio Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Denis\My Documents\My Pictures\Roxio Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/19 09:39:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 12:00:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/07 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/11/07 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/04 11:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\NFS Carbon
[2010/11/04 11:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/02 18:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/11/02 18:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Need for Speed World
[2010/11/01 21:41:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\8E620E002B48B4F2A39CD12171E70A7E
[2010/11/01 21:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/11/01 07:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\SOFTRAK
[2010/10/30 23:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\FrostWire
[2010/10/30 23:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\FrostWire
[2010/10/30 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/10/30 21:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Nova Development
[2010/10/30 21:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nova Development
[2010/10/30 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\PictureToTV
[2010/10/30 21:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/10/28 11:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\PSU
[2010/10/28 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AskToolbar
[2010/10/28 11:36:36 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
[2010/10/28 11:36:36 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
[2010/10/28 11:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
[2010/10/28 11:35:29 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.exe
[2010/10/28 11:35:29 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\cl31cci.dll
[2010/10/28 11:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/26 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/26 21:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/26 21:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/25 23:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Scrapbook Factory Install Disk Images
[2010/10/25 14:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Download Manager
[2010/10/16 17:24:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/15 10:27:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/15 10:21:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/15 10:21:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/15 10:21:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/15 10:21:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/15 10:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/15 10:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/15 10:20:26 | 000,000,000 | ---D | C] -- C:\Combo
[2010/10/14 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\BHOK IT Consulting
[2010/10/14 22:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Taxman
[2010/10/14 22:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Taxman
[2010/10/12 09:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2006/12/19 19:29:48 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[3 C:\Documents and Settings\Denis\My Documents\*.tmp files -> C:\Documents and Settings\Denis\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/11/08 12:17:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 12:17:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 12:17:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/08 12:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 12:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/08 12:00:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/08 11:59:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004UA.job
[2010/11/08 11:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 09:59:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004Core.job
[2010/11/07 17:25:08 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Hijackthis.lnk
[2010/11/07 11:08:04 | 000,501,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 11:08:04 | 000,094,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 11:05:57 | 000,175,033 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/05 20:04:12 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/04 11:52:51 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\NFSC.lnk
[2010/11/01 21:35:56 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Shortcut to FrostWire.exe.lnk
[2010/11/01 11:52:37 | 000,124,615 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Leah M - ROE.pdf
[2010/11/01 11:11:00 | 000,001,113 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Nov 1-10.BLK
[2010/10/30 23:33:44 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/10/29 15:18:10 | 000,006,549 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APWININI.KAT
[2010/10/29 15:16:58 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLOB.KAT
[2010/10/29 10:23:50 | 000,035,584 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'R.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'2.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'1.KAT
[2010/10/29 10:23:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLROPT'I.KAT
[2010/10/29 10:23:16 | 002,548,032 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'R.KAT
[2010/10/29 10:23:16 | 000,239,616 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'1.KAT
[2010/10/29 10:23:16 | 000,195,328 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'R.KAT
[2010/10/29 10:23:16 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'1.KAT
[2010/10/29 10:23:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APALBTCH.KAT
[2010/10/29 10:23:02 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLGLOB.KAT
[2010/10/29 10:22:34 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLWININI.KAT
[2010/10/29 10:21:26 | 001,227,776 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCRED'I.KAT
[2010/10/29 10:21:26 | 000,778,752 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCREC'I.KAT
[2010/10/29 10:21:26 | 000,072,142 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'R.KAT
[2010/10/29 10:21:26 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'1.KAT
[2010/10/29 10:21:26 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'2.KAT
[2010/10/29 10:21:26 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBNKE'R.KAT
[2010/10/29 10:21:26 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APBANK'D.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459I.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459D.KAT
[2010/10/29 10:21:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0459H.KAT
[2010/10/29 10:21:18 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APWOPT.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458I.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458D.KAT
[2010/10/29 10:20:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0458H.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457I.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457D.KAT
[2010/10/29 10:20:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APC0457H.KAT
[2010/10/29 10:19:22 | 006,458,812 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCREC'R.KAT
[2010/10/29 10:19:22 | 004,061,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCRED'R.KAT
[2010/10/29 10:19:18 | 003,697,800 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APCAUD.KAT
[2010/10/29 10:19:16 | 009,845,760 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'R.KAT
[2010/10/29 10:19:16 | 006,623,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'R.KAT
[2010/10/29 10:19:16 | 004,118,016 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'I.KAT
[2010/10/29 10:19:16 | 002,764,312 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'R.KAT
[2010/10/29 10:19:16 | 002,034,176 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'2.KAT
[2010/10/29 10:19:16 | 001,467,904 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'1.KAT
[2010/10/29 10:19:16 | 001,334,784 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'R.KAT
[2010/10/29 10:19:16 | 001,068,972 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'R.KAT
[2010/10/29 10:19:16 | 000,955,904 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'2.KAT
[2010/10/29 10:19:16 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'1.KAT
[2010/10/29 10:19:16 | 000,240,435 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APPOSTMC.KAT
[2010/10/29 10:19:04 | 000,001,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APMANCHQ.KAT
[2010/10/29 10:17:12 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APPOSTME.KAT
[2010/10/28 14:45:55 | 000,734,916 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.pdf
[2010/10/28 14:41:01 | 000,983,552 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.doc
[2010/10/27 14:52:56 | 000,014,528 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APALRT'R.KAT
[2010/10/26 22:51:59 | 000,059,236 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/25 15:00:29 | 011,393,536 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\XenAppHosted.msi
[2010/10/25 10:38:32 | 002,177,152 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'R.KAT
[2010/10/25 10:38:32 | 000,878,336 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'R.KAT
[2010/10/25 10:38:32 | 000,723,072 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'R.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'4.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'1.KAT
[2010/10/25 10:38:32 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'2.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'5.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'3.KAT
[2010/10/25 10:38:32 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'1.KAT
[2010/10/25 10:38:32 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'2.KAT
[2010/10/25 10:38:32 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'3.KAT
[2010/10/25 10:38:32 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'1.KAT
[2010/10/25 10:38:32 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'4.KAT
[2010/10/25 10:38:32 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'2.KAT
[2010/10/25 10:38:30 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATA.KAT
[2010/10/25 10:38:30 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI2.KAT
[2010/10/25 10:38:30 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI.KAT
[2010/10/25 10:37:14 | 000,017,664 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\GLDEPT'R.KAT
[2010/10/22 14:43:40 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\ADSPROF.KAT
[2010/10/22 08:56:00 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'4.KAT
[2010/10/22 08:56:00 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'5.KAT
[2010/10/22 08:56:00 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'2.KAT
[2010/10/22 08:56:00 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'3.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEND'1.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'I.KAT
[2010/10/20 20:24:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP
[2010/10/20 12:33:32 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\JFResume2.doc
[2010/10/19 10:21:19 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Denis\My Documents\JohnFlorence.doc
[2010/10/15 18:40:53 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/10/15 10:45:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/15 10:27:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/15 02:05:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 22:53:27 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Denis.acl
[2010/10/11 22:37:00 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[3 C:\Documents and Settings\Denis\My Documents\*.tmp files -> C:\Documents and Settings\Denis\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/08 12:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/07 17:25:08 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Hijackthis.lnk
[2010/11/04 11:52:51 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\NFSC.lnk
[2010/11/01 21:35:56 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Shortcut to FrostWire.exe.lnk
[2010/11/01 11:52:33 | 000,124,615 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Leah M - ROE.pdf
[2010/11/01 11:11:00 | 000,001,113 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Nov 1-10.BLK
[2010/10/30 23:33:44 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/10/29 15:18:10 | 000,006,549 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APWININI.KAT
[2010/10/29 15:16:58 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLOB.KAT
[2010/10/29 10:23:50 | 000,035,584 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'R.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'2.KAT
[2010/10/29 10:23:20 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBCTL'1.KAT
[2010/10/29 10:23:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLROPT'I.KAT
[2010/10/29 10:23:16 | 002,548,032 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'R.KAT
[2010/10/29 10:23:16 | 000,239,616 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCD'1.KAT
[2010/10/29 10:23:16 | 000,195,328 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'R.KAT
[2010/10/29 10:23:16 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLBTCH'1.KAT
[2010/10/29 10:23:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APALBTCH.KAT
[2010/10/29 10:23:02 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLGLOB.KAT
[2010/10/29 10:22:34 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLWININI.KAT
[2010/10/29 10:21:26 | 001,227,776 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCRED'I.KAT
[2010/10/29 10:21:26 | 000,778,752 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCREC'I.KAT
[2010/10/29 10:21:26 | 000,072,142 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'R.KAT
[2010/10/29 10:21:26 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'1.KAT
[2010/10/29 10:21:26 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBCTL'2.KAT
[2010/10/29 10:21:26 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBNKE'R.KAT
[2010/10/29 10:21:26 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APBANK'D.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459I.KAT
[2010/10/29 10:21:18 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459D.KAT
[2010/10/29 10:21:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0459H.KAT
[2010/10/29 10:21:18 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APWOPT.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458I.KAT
[2010/10/29 10:20:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458D.KAT
[2010/10/29 10:20:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0458H.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457I.KAT
[2010/10/29 10:20:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457D.KAT
[2010/10/29 10:20:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APC0457H.KAT
[2010/10/29 10:19:22 | 006,458,812 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCREC'R.KAT
[2010/10/29 10:19:22 | 004,061,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCRED'R.KAT
[2010/10/29 10:19:18 | 003,697,800 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APCAUD.KAT
[2010/10/29 10:19:16 | 009,845,760 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'R.KAT
[2010/10/29 10:19:16 | 006,623,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'R.KAT
[2010/10/29 10:19:16 | 004,118,016 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APGLDS'I.KAT
[2010/10/29 10:19:16 | 002,764,312 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'R.KAT
[2010/10/29 10:19:16 | 002,034,176 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'2.KAT
[2010/10/29 10:19:16 | 001,467,904 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APTRNS'1.KAT
[2010/10/29 10:19:16 | 001,334,784 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'R.KAT
[2010/10/29 10:19:16 | 001,068,972 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'R.KAT
[2010/10/29 10:19:16 | 000,955,904 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'2.KAT
[2010/10/29 10:19:16 | 000,950,272 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMTCH'1.KAT
[2010/10/29 10:19:16 | 000,240,435 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APPOSTMC.KAT
[2010/10/29 10:19:04 | 000,001,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APMANCHQ.KAT
[2010/10/29 10:17:12 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APPOSTME.KAT
[2010/10/28 14:45:49 | 000,734,916 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.pdf
[2010/10/28 14:41:01 | 000,983,552 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Hi Norm.doc
[2010/10/28 11:35:52 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico
[2010/10/28 11:35:28 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2010/10/28 11:35:28 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.smt
[2010/10/27 14:52:56 | 000,014,528 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APALRT'R.KAT
[2010/10/26 22:51:59 | 000,059,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/25 14:59:17 | 011,393,536 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\XenAppHosted.msi
[2010/10/25 10:38:32 | 002,177,152 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'R.KAT
[2010/10/25 10:38:32 | 000,878,336 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'R.KAT
[2010/10/25 10:38:32 | 000,723,072 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'R.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'4.KAT
[2010/10/25 10:38:32 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'1.KAT
[2010/10/25 10:38:32 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'2.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'5.KAT
[2010/10/25 10:38:32 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNUMB'3.KAT
[2010/10/25 10:38:32 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'1.KAT
[2010/10/25 10:38:32 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLNBUD'2.KAT
[2010/10/25 10:38:32 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'3.KAT
[2010/10/25 10:38:32 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'1.KAT
[2010/10/25 10:38:32 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'4.KAT
[2010/10/25 10:38:32 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLMAST'2.KAT
[2010/10/25 10:38:30 | 000,585,728 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATA.KAT
[2010/10/25 10:38:30 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI2.KAT
[2010/10/25 10:38:30 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDATAI.KAT
[2010/10/25 10:37:14 | 000,017,664 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\GLDEPT'R.KAT
[2010/10/22 14:43:40 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\ADSPROF.KAT
[2010/10/22 08:56:00 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'4.KAT
[2010/10/22 08:56:00 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'5.KAT
[2010/10/22 08:56:00 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'2.KAT
[2010/10/22 08:56:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'3.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEND'1.KAT
[2010/10/22 08:56:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\APVEN2'I.KAT
[2010/10/20 20:24:44 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP
[2010/10/20 12:31:34 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\JFResume2.doc
[2010/10/19 10:11:18 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Denis\My Documents\JohnFlorence.doc
[2010/10/15 10:45:38 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/15 10:27:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/15 10:27:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/15 10:21:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/15 10:21:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/15 10:21:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/15 10:21:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/15 10:21:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/14 22:53:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Denis.acl
[2010/10/01 20:43:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/05 17:52:28 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010/09/05 17:52:28 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/09/05 14:45:07 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\keyfile3.drm
[2010/08/19 22:46:50 | 000,315,692 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\rx_image.Cache
[2010/05/05 11:14:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/07 22:14:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/19 10:19:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010/01/19 10:17:37 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2010/01/19 10:17:33 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2010/01/19 10:17:33 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2010/01/19 10:17:33 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2010/01/19 10:04:10 | 000,026,626 | ---- | C] () -- C:\WINDOWS\System32\tapiinh.dll
[2010/01/19 10:04:10 | 000,025,603 | ---- | C] () -- C:\WINDOWS\System32\un2ibdb.dll
[2010/01/19 10:03:25 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/01/19 09:57:25 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2009/07/30 17:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/29 23:11:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\fusioncache.dat
[2009/01/03 15:33:53 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2008/11/17 20:42:34 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/01/20 12:20:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/01/17 23:50:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/11/03 20:44:51 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\mediashare.xml
[2007/10/26 20:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/29 20:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/29 20:19:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/04/29 20:18:53 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/29 20:17:55 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/04/29 20:16:58 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/04/29 20:07:39 | 000,076,164 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/04/13 22:02:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 11:53:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2007/04/05 14:56:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/04/01 19:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/29 19:30:43 | 000,000,292 | ---- | C] () -- C:\WINDOWS\spell.ini
[2007/01/26 17:54:29 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\bvapi.dll
[2007/01/06 21:06:59 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameH.txt
[2007/01/05 01:12:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/12/28 11:03:13 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2006/12/20 09:08:49 | 000,000,510 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/12/01 21:55:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/12/01 20:13:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/12/01 20:11:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ais.ini
[2006/12/01 20:00:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/12/01 19:59:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/01 19:24:14 | 000,000,162 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
[2006/11/30 17:41:25 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/30 17:41:22 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\knsxhel.dll
[2006/11/30 17:41:22 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\ckstdit.dll
[2006/11/30 17:41:22 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\unbdp32.dll
[2006/11/30 17:41:22 | 000,020,482 | ---- | C] () -- C:\WINDOWS\System32\2isttas.dll
[2006/11/30 16:58:57 | 000,032,740 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2006/11/30 16:58:57 | 000,015,029 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2006/11/30 16:58:57 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2006/11/30 16:58:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2006/11/30 16:52:40 | 000,140,800 | ---- | C] () -- C:\Documents and Settings\Denis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 16:48:48 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2006/11/30 05:51:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/11 20:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/02 14:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/02/09 13:46:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/24 21:21:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/05/04 10:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/19 20:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/19 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeInBackup
[2007/04/10 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/12/22 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/08/03 16:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/11 19:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/01/16 21:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/10/29 19:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/05 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/03/26 20:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2010/11/08 12:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/29 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VPWLicenseFileFoler
[2007/11/01 22:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/26 21:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/03 11:03:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}
[2010/01/28 08:11:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/10/28 11:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\AskToolbar
[2007/11/22 19:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Backup MyPC Deluxe
[2010/10/29 08:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Canon
[2010/09/05 17:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Downloaded Installations
[2006/12/18 23:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\EPSON
[2010/10/18 10:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Facebook
[2007/09/18 18:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Flock
[2010/11/04 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\FrostWire
[2007/04/20 18:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Good Keywords v2
[2008/01/20 00:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Grisoft
[2010/01/02 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\ICAClient
[2010/10/28 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\KeePass
[2006/12/01 19:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Leadertech
[2010/10/30 23:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\LimeWire
[2009/08/03 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\NCH Swift Sound
[2007/04/29 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\NewSoft
[2010/11/01 11:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Nitro PDF
[2006/12/01 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Opera
[2006/12/01 11:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Outlook
[2010/11/01 11:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\PrimoPDF
[2007/04/24 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Registry Booster
[2009/11/26 18:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Registry Mechanic
[2009/05/18 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SanDisk
[2007/04/29 20:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\ScanSoft
[2010/11/01 11:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SolidDocuments
[2007/11/02 17:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\SystemRequirementsLab
[2007/11/07 20:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\URSoft
[2010/05/03 15:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Windows Desktop Search
[2010/05/03 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\Windows Search
[2008/01/21 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denis\Application Data\WinPatrol
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/11/08 12:20:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/08 12:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow4.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow3.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow3.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow2.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow1.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow1.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow0.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow0.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Slideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Sep 15.rcl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\MailAttachment1.jpeg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\MailAttachment.jpeg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\M635DBIL-ENG.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Katzie Fit Logo.DMSP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Honnah's Parchel.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\Dee Savino.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\2805018250102179175S500x500Q85.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\My Documents\1979 honda.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Denis\Desktop\OTHER ICONS:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D240B1B9

< End of report >

I'll post the combofix log separately.

BC Canuck

Here is the Combofix log:


ComboFix 10-11-07.A2 - Denis 08/11/2010 12:39:09.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1057 [GMT -8:00]
Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))

2010-11-08 20:17 . 2010-11-08 20:17 0 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-08 20:00 . 2010-11-08 20:00 -------- d-----w- C:\_OTL
2010-11-07 19:31 . 2010-11-07 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-11-07 19:30 . 2010-11-07 19:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-04 19:42 . 2010-11-04 19:42 -------- d-----w- c:\program files\7-Zip
2010-11-04 05:35 . 2007-01-10 12:00 244736 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2010-11-03 02:14 . 2010-11-03 02:14 -------- d-----w- c:\windows\Logs
2010-11-03 02:13 . 2010-11-03 02:13 -------- d-----w- c:\program files\Need for Speed World
2010-11-02 05:41 . 2010-11-06 03:10 -------- d-sh--w- c:\windows\system32\8E620E002B48B4F2A39CD12171E70A7E
2010-11-02 05:40 . 2010-11-02 05:41 249856 ----a-w- c:\windows\system32\audiodev32.dll
2010-10-31 07:33 . 2010-11-04 19:24 -------- d-----w- c:\documents and settings\Denis\Application Data\FrostWire
2010-10-31 07:33 . 2010-10-31 07:34 -------- d-----w- c:\program files\FrostWire
2010-10-31 05:49 . 2010-10-31 05:50 -------- d-----w- c:\documents and settings\Denis\Local Settings\Application Data\Nova Development
2010-10-31 05:41 . 2010-10-31 05:41 -------- d-----w- c:\program files\Common Files\Nova Development
2010-10-31 05:40 . 2010-10-31 05:40 -------- d-----w- c:\program files\PictureToTV
2010-10-31 05:37 . 2010-10-31 05:37 -------- d-----w- c:\program files\Nova Development
2010-10-28 19:46 . 2010-10-28 19:46 -------- d-----w- c:\documents and settings\Denis\Local Settings\Application Data\PSU
2010-10-28 19:38 . 2010-10-28 19:38 -------- d-----w- c:\documents and settings\Denis\Application Data\AskToolbar
2010-10-28 19:36 . 2008-03-17 01:10 57344 ----a-w- c:\windows\system32\ssdevm.dll
2010-10-28 19:36 . 2007-08-13 06:26 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2010-10-28 19:36 . 2007-08-13 06:26 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-28 19:36 . 2007-08-13 06:26 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-10-28 19:36 . 2010-10-28 19:36 -------- d-----w- c:\windows\Samsung
2010-10-28 19:35 . 2007-08-13 09:40 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\cl31cpc.dll
2010-10-28 19:35 . 2007-08-13 09:39 151552 ----a-w- c:\windows\system32\cl31cci.exe
2010-10-28 19:35 . 2007-08-13 09:39 65536 ----a-w- c:\windows\system32\cl31cci.dll
2010-10-28 19:35 . 2007-08-13 09:39 22723 ----a-w- c:\windows\system32\cl31cl3.dll
2010-10-28 19:26 . 2010-10-28 19:26 -------- d-----w- c:\program files\Samsung
2010-10-27 05:56 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-27 05:56 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-27 05:55 . 2010-10-27 05:55 -------- d-----w- c:\program files\iPod
2010-10-27 05:55 . 2010-10-27 05:56 -------- d-----w- c:\program files\iTunes
2010-10-27 05:55 . 2010-10-27 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-27 05:54 . 2010-10-27 05:54 -------- d-----w- c:\program files\Bonjour
2010-10-25 22:59 . 2010-10-25 23:00 -------- d-----w- c:\documents and settings\Denis\Application Data\Download Manager
2010-10-15 18:20 . 2010-10-15 18:20 -------- d-----w- C:\Combo
2010-10-15 07:17 . 2010-10-15 08:23 -------- d-----w- c:\program files\BHOK IT Consulting
2010-10-15 06:50 . 2010-10-15 06:50 -------- d-----w- c:\program files\Common Files\Taxman
2010-10-15 06:50 . 2010-10-15 06:50 -------- d-----w- c:\program files\Taxman
2010-10-11 06:03 . 2010-10-11 06:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-09-29 13:41 . 2010-04-20 04:18 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 13:41 . 2010-04-20 04:18 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 13:41 . 2010-04-20 04:18 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-29 13:41 . 2010-04-20 04:18 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-18 19:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-04-24 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-05-04 05:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 02:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2003-08-27 22:19 . 2006-12-20 03:29 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
2009-08-14 19:33 . 2009-08-14 19:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-08-14 19:33 . 2009-08-14 19:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-08-14 19:33 . 2009-08-14 19:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-08-14 19:33 . 2009-08-14 19:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-08-14 19:34 . 2009-08-14 19:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-08-14 19:33 . 2009-08-14 19:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-08-14 19:33 . 2009-08-14 19:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 16:41 . 2008-05-21 16:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 16:41 . 2008-05-21 16:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 16:41 . 2008-05-21 16:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-08-14 18:50 . 2009-08-14 18:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-08-14 19:33 . 2009-08-14 19:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

((((((((((((((((((((((((((((( SnapShot@2010-10-15_18.46.04 )))))))))))))))))))))))))))))))))))))))))
+ 2010-11-08 20:18 . 2010-11-08 20:18 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2010-11-08 20:17 . 2010-11-08 20:17 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2010-11-03 02:19 . 2010-06-02 11:55 74072 c:\windows\system32\XAPOFX1_5.dll
+ 2010-11-03 02:19 . 2010-02-04 17:01 74072 c:\windows\system32\XAPOFX1_4.dll
+ 2010-11-03 02:19 . 2009-09-05 00:44 69464 c:\windows\system32\XAPOFX1_3.dll
+ 2010-11-03 02:19 . 2008-10-27 17:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2010-11-03 02:19 . 2008-07-31 17:41 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2010-11-03 02:19 . 2008-05-30 21:17 65032 c:\windows\system32\XAPOFX1_0.dll
+ 2010-11-03 02:19 . 2010-02-04 17:01 22360 c:\windows\system32\X3DAudio1_7.dll
+ 2010-11-03 02:19 . 2009-03-16 21:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2010-11-03 02:19 . 2008-10-27 17:04 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2010-11-03 02:19 . 2008-05-30 21:17 25608 c:\windows\system32\X3DAudio1_4.dll
+ 2010-11-03 02:19 . 2008-03-05 23:00 25608 c:\windows\system32\X3DAudio1_3.dll
+ 2004-08-20 19:57 . 2004-08-20 19:57 57344 c:\windows\system32\WNASPINT.DLL
+ 2010-10-28 19:35 . 2008-01-15 05:53 77765 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31ctk.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77113 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31csw.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83164 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31csp.dat
+ 2010-10-28 19:35 . 2008-02-19 01:15 80656 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cru.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83160 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cpt.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 15318 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cpp.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 79817 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cpo.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77102 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cnr.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 69632 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31clf.dll
+ 2010-10-28 19:35 . 2008-03-17 04:06 71658 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31ckr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82235 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cit.dat
+ 2010-10-28 19:35 . 2007-10-10 00:57 32768 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cio.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 81003 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31chu.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 71430 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31chb.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83875 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cgr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 87345 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cfn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78950 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cfi.dat
+ 2010-10-28 19:35 . 2007-08-13 09:39 53248 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cex.exe
+ 2010-10-28 19:35 . 2008-01-15 05:53 75047 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cen.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 84300 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cel.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 81186 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cdt.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78052 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cdn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77909 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31ccz.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64478 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cct.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64657 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31ccp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82080 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cbp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 73515 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cab.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77765 c:\windows\system32\spool\drivers\w32x86\cl31ctk.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77113 c:\windows\system32\spool\drivers\w32x86\cl31csw.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83164 c:\windows\system32\spool\drivers\w32x86\cl31csp.dat
+ 2010-10-28 19:35 . 2008-02-19 01:15 80656 c:\windows\system32\spool\drivers\w32x86\cl31cru.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83160 c:\windows\system32\spool\drivers\w32x86\cl31cpt.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 15318 c:\windows\system32\spool\drivers\w32x86\cl31cpp.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 79817 c:\windows\system32\spool\drivers\w32x86\cl31cpo.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77102 c:\windows\system32\spool\drivers\w32x86\cl31cnr.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 69632 c:\windows\system32\spool\drivers\w32x86\cl31clf.dll
+ 2010-10-28 19:35 . 2008-03-17 04:06 71658 c:\windows\system32\spool\drivers\w32x86\cl31ckr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82235 c:\windows\system32\spool\drivers\w32x86\cl31cit.dat
+ 2010-10-28 19:35 . 2007-10-10 00:57 32768 c:\windows\system32\spool\drivers\w32x86\cl31cio.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 81003 c:\windows\system32\spool\drivers\w32x86\cl31chu.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 71430 c:\windows\system32\spool\drivers\w32x86\cl31chb.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83875 c:\windows\system32\spool\drivers\w32x86\cl31cgr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 87345 c:\windows\system32\spool\drivers\w32x86\cl31cfn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78950 c:\windows\system32\spool\drivers\w32x86\cl31cfi.dat
+ 2010-10-28 19:35 . 2007-08-13 09:39 53248 c:\windows\system32\spool\drivers\w32x86\cl31cex.exe
+ 2010-10-28 19:35 . 2008-01-15 05:53 75047 c:\windows\system32\spool\drivers\w32x86\cl31cen.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 84300 c:\windows\system32\spool\drivers\w32x86\cl31cel.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 81186 c:\windows\system32\spool\drivers\w32x86\cl31cdt.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78052 c:\windows\system32\spool\drivers\w32x86\cl31cdn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77909 c:\windows\system32\spool\drivers\w32x86\cl31ccz.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64478 c:\windows\system32\spool\drivers\w32x86\cl31cct.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64657 c:\windows\system32\spool\drivers\w32x86\cl31ccp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82080 c:\windows\system32\spool\drivers\w32x86\cl31cbp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 73515 c:\windows\system32\spool\drivers\w32x86\cl31cab.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77765 c:\windows\system32\spool\drivers\w32x86\3\cl31ctk.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77113 c:\windows\system32\spool\drivers\w32x86\3\cl31csw.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83164 c:\windows\system32\spool\drivers\w32x86\3\cl31csp.dat
+ 2010-10-28 19:35 . 2008-02-19 01:15 80656 c:\windows\system32\spool\drivers\w32x86\3\cl31cru.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83160 c:\windows\system32\spool\drivers\w32x86\3\cl31cpt.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 15318 c:\windows\system32\spool\drivers\w32x86\3\cl31cpp.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 79817 c:\windows\system32\spool\drivers\w32x86\3\cl31cpo.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77102 c:\windows\system32\spool\drivers\w32x86\3\cl31cnr.dat
+ 2010-10-28 19:35 . 2007-08-13 09:40 69632 c:\windows\system32\spool\drivers\w32x86\3\cl31clf.dll
+ 2010-10-28 19:35 . 2008-03-17 04:06 71658 c:\windows\system32\spool\drivers\w32x86\3\cl31ckr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82235 c:\windows\system32\spool\drivers\w32x86\3\cl31cit.dat
+ 2010-10-28 19:35 . 2007-10-10 00:57 32768 c:\windows\system32\spool\drivers\w32x86\3\cl31cio.dll
+ 2010-10-28 19:35 . 2008-01-15 05:53 81003 c:\windows\system32\spool\drivers\w32x86\3\cl31chu.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 71430 c:\windows\system32\spool\drivers\w32x86\3\cl31chb.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 83875 c:\windows\system32\spool\drivers\w32x86\3\cl31cgr.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 87345 c:\windows\system32\spool\drivers\w32x86\3\cl31cfn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78950 c:\windows\system32\spool\drivers\w32x86\3\cl31cfi.dat
+ 2010-10-28 19:35 . 2007-08-13 09:39 53248 c:\windows\system32\spool\drivers\w32x86\3\cl31cex.exe
+ 2010-10-28 19:35 . 2008-01-15 05:53 75047 c:\windows\system32\spool\drivers\w32x86\3\cl31cen.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 84300 c:\windows\system32\spool\drivers\w32x86\3\cl31cel.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 81186 c:\windows\system32\spool\drivers\w32x86\3\cl31cdt.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 78052 c:\windows\system32\spool\drivers\w32x86\3\cl31cdn.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 77909 c:\windows\system32\spool\drivers\w32x86\3\cl31ccz.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64478 c:\windows\system32\spool\drivers\w32x86\3\cl31cct.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 64657 c:\windows\system32\spool\drivers\w32x86\3\cl31ccp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 82080 c:\windows\system32\spool\drivers\w32x86\3\cl31cbp.dat
+ 2010-10-28 19:35 . 2008-01-15 05:53 73515 c:\windows\system32\spool\drivers\w32x86\3\cl31cab.dat
+ 2010-11-07 19:30 . 2008-05-03 03:16 81920 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvwddi.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 86016 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmctray.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 41984 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcod.dll
+ 2010-11-07 19:30 . 2006-08-14 03:31 32768 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Auxiliary.dll
+ 2004-08-04 12:00 . 2010-11-07 19:08 94440 c:\windows\system32\perfc009.dat
+ 2010-07-10 13:38 . 2010-07-10 13:38 61440 c:\windows\system32\OpenCL.dll
- 2006-08-12 04:43 . 2008-05-03 03:16 81920 c:\windows\system32\nvwddi.dll
+ 2010-07-10 00:24 . 2010-07-10 00:24 81920 c:\windows\system32\nvwddi.dll
- 2003-04-19 00:29 . 2003-04-19 00:29 82432 c:\windows\system32\msxml4r.dll
+ 2003-04-19 00:29 . 2007-08-13 06:26 82432 c:\windows\system32\msxml4r.dll
+ 2010-10-27 06:51 . 2010-10-27 06:51 59236 c:\windows\system32\mlfcache.dat
+ 2010-07-28 01:44 . 2010-07-28 01:44 75040 c:\windows\system32\jdns_sd.dll
+ 2010-10-27 05:55 . 2010-04-20 03:47 41984 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaapl.sys
+ 2010-10-27 05:55 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-10-27 05:56 . 2009-05-18 20:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-07-28 01:44 . 2010-07-28 01:44 91424 c:\windows\system32\dnssd.dll
- 2006-11-30 23:18 . 2010-10-15 09:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-30 23:18 . 2010-11-08 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-16 00:01 . 2010-11-08 20:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-11-30 23:18 . 2010-10-15 09:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-28 19:36 . 2008-08-08 05:03 32768 c:\windows\Samsung\PanelMgr\SPaddon.exe
+ 2010-10-16 10:36 . 2010-10-16 10:36 21504 c:\windows\Installer\2491572.msi
+ 2010-10-27 05:55 . 2010-10-27 05:55 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-10-25 23:12 . 2010-10-25 23:12 73728 c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\pncico.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
+ 2010-10-25 23:12 . 2010-10-25 23:12 73728 c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
+ 2010-10-25 23:12 . 2010-10-25 23:12 73728 c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
+ 2010-10-25 23:12 . 2010-10-25 23:12 73728 c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\ARPICON.exe
+ 2010-10-31 05:47 . 2010-10-31 05:47 61440 c:\windows\Installer\{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}\GCFDeluxe_08F9879C0AA34B0AAACE3498BBCAE175.exe
+ 2010-10-31 05:47 . 2010-10-31 05:47 61440 c:\windows\Installer\{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}\DesktopIcon_08F9879C0AA34B0AAACE3498BBCAE175.exe
+ 2010-10-31 05:47 . 2010-10-31 05:47 61440 c:\windows\Installer\{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}\ARPPRODUCTICON.exe
+ 2010-10-31 05:47 . 2010-10-31 05:47 2238 c:\windows\Installer\{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}\Shortcut_Start.9FE3E38C_5A39_407A_B7BD_EC1BCD01E92A.exe
+ 2010-11-03 02:19 . 2010-06-02 11:55 527192 c:\windows\system32\XAudio2_7.dll
+ 2010-11-03 02:19 . 2010-02-04 17:01 528216 c:\windows\system32\XAudio2_6.dll
+ 2010-11-03 02:19 . 2009-09-05 00:44 515416 c:\windows\system32\XAudio2_5.dll
+ 2010-11-03 02:19 . 2009-03-16 21:18 517448 c:\windows\system32\XAudio2_4.dll
+ 2010-11-03 02:19 . 2008-10-27 17:04 514384 c:\windows\system32\XAudio2_3.dll
+ 2010-11-03 02:19 . 2008-07-31 17:40 509448 c:\windows\system32\XAudio2_2.dll
+ 2010-11-03 02:19 . 2008-05-30 21:19 507400 c:\windows\system32\XAudio2_1.dll
+ 2010-11-03 02:19 . 2008-03-05 23:03 479752 c:\windows\system32\XAudio2_0.dll
+ 2010-11-03 02:19 . 2010-06-02 11:55 239960 c:\windows\system32\xactengine3_7.dll
+ 2010-11-03 02:19 . 2010-02-04 17:01 238936 c:\windows\system32\xactengine3_6.dll
+ 2010-11-03 02:19 . 2009-09-05 00:44 238936 c:\windows\system32\xactengine3_5.dll
+ 2010-11-03 02:19 . 2009-03-16 21:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2010-11-03 02:19 . 2008-10-27 17:04 235856 c:\windows\system32\xactengine3_3.dll
+ 2010-11-03 02:19 . 2008-07-31 17:41 238088 c:\windows\system32\xactengine3_2.dll
+ 2010-11-03 02:19 . 2008-05-30 21:18 238088 c:\windows\system32\xactengine3_1.dll
+ 2010-11-03 02:19 . 2008-03-05 23:03 238088 c:\windows\system32\xactengine3_0.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 835584 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cu2.dll
+ 2010-10-28 19:35 . 2008-12-02 12:12 929792 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cu.dll
+ 2010-10-28 19:35 . 2009-01-21 05:56 536576 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31csf.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 532480 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31csc.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 217088 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31co.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 196608 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cn.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 311296 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cm.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 404992 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cdu.dll
+ 2010-10-28 19:35 . 2007-08-13 09:39 204800 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31ccm.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 835584 c:\windows\system32\spool\drivers\w32x86\cl31cu2.dll
+ 2010-10-28 19:35 . 2008-12-02 12:12 929792 c:\windows\system32\spool\drivers\w32x86\cl31cu.dll
+ 2010-10-28 19:35 . 2009-01-21 05:56 536576 c:\windows\system32\spool\drivers\w32x86\cl31csf.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 532480 c:\windows\system32\spool\drivers\w32x86\cl31csc.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 217088 c:\windows\system32\spool\drivers\w32x86\cl31co.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 196608 c:\windows\system32\spool\drivers\w32x86\cl31cn.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 311296 c:\windows\system32\spool\drivers\w32x86\cl31cm.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 404992 c:\windows\system32\spool\drivers\w32x86\cl31cdu.dll
+ 2010-10-28 19:35 . 2007-08-13 09:39 204800 c:\windows\system32\spool\drivers\w32x86\cl31ccm.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 835584 c:\windows\system32\spool\drivers\w32x86\3\cl31cu2.dll
+ 2010-10-28 19:35 . 2008-12-02 12:12 929792 c:\windows\system32\spool\drivers\w32x86\3\cl31cu.dll
+ 2010-10-28 19:35 . 2009-01-21 05:56 536576 c:\windows\system32\spool\drivers\w32x86\3\cl31csf.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 532480 c:\windows\system32\spool\drivers\w32x86\3\cl31csc.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 217088 c:\windows\system32\spool\drivers\w32x86\3\cl31co.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 196608 c:\windows\system32\spool\drivers\w32x86\3\cl31cn.dll
+ 2010-10-28 19:35 . 2007-08-13 09:40 311296 c:\windows\system32\spool\drivers\w32x86\3\cl31cm.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 404992 c:\windows\system32\spool\drivers\w32x86\3\cl31cdu.dll
+ 2010-10-28 19:35 . 2007-08-13 09:39 204800 c:\windows\system32\spool\drivers\w32x86\3\cl31ccm.dll
+ 2010-11-07 19:30 . 2008-01-18 00:51 208896 c:\windows\system32\ReinstallBackups\0018\DriverFiles\WinSys2.exe
+ 2010-11-07 19:30 . 2006-07-12 21:00 131072 c:\windows\system32\ReinstallBackups\0018\DriverFiles\smdll.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 159812 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvsvc32.exe
+ 2010-11-07 19:30 . 2008-05-03 03:16 286720 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvnt4cpl.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 458752 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmccssr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 188416 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmccss.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 229376 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmccs.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 425984 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvapi.dll
+ 2010-11-07 19:30 . 2005-04-07 19:46 614400 c:\windows\system32\ReinstallBackups\0018\DriverFiles\msvcr80.dll
+ 2010-11-07 19:30 . 2007-05-28 15:13 130048 c:\windows\system32\ReinstallBackups\0018\DriverFiles\MadCHook.dll
+ 2010-11-07 19:30 . 2008-06-20 07:31 262144 c:\windows\system32\ReinstallBackups\0018\DriverFiles\HookShield.dll
+ 2010-11-07 19:30 . 2008-06-20 07:29 258048 c:\windows\system32\ReinstallBackups\0018\DriverFiles\HookMAp.dll
+ 2004-08-04 12:00 . 2010-11-07 19:08 501844 c:\windows\system32\perfh009.dat
+ 2007-10-29 23:52 . 2010-07-10 13:38 604776 c:\windows\system32\NVUNINST.EXE
+ 2007-10-29 23:54 . 2010-07-10 13:38 604776 c:\windows\system32\nvudisp.exe
+ 2010-07-10 00:24 . 2010-07-10 00:24 155752 c:\windows\system32\nvsvc32.exe
+ 2010-07-10 00:24 . 2010-07-10 00:24 110696 c:\windows\system32\nvmctray.dll
+ 2010-07-10 00:24 . 2010-07-10 00:24 277608 c:\windows\system32\nvmccs.dll
+ 2010-07-10 00:24 . 2010-07-10 00:24 145000 c:\windows\system32\nvcolor.exe
+ 2006-08-12 04:42 . 2010-07-10 13:38 236136 c:\windows\system32\nvcodins.dll
+ 2006-08-12 04:42 . 2010-07-10 13:38 236136 c:\windows\system32\nvcod.dll
+ 2010-11-06 04:08 . 2010-11-06 04:08 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2010-08-24 12:26 . 2010-07-17 12:00 153376 c:\windows\system32\javaws.exe
+ 2010-11-02 05:35 . 2010-09-15 11:50 153376 c:\windows\system32\javaws.exe
+ 2010-11-02 05:35 . 2010-09-15 11:50 145184 c:\windows\system32\javaw.exe
- 2010-08-24 12:26 . 2010-07-17 12:00 145184 c:\windows\system32\javaw.exe
+ 2010-11-02 05:35 . 2010-09-15 11:50 145184 c:\windows\system32\java.exe
- 2010-08-24 12:26 . 2010-07-17 12:00 145184 c:\windows\system32\java.exe
+ 2006-11-30 13:50 . 2010-11-06 04:04 331480 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-27 05:56 . 2008-04-17 19:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-07-28 01:44 . 2010-07-28 01:44 197920 c:\windows\system32\dnssdX.dll
+ 2010-07-28 01:44 . 2010-07-28 01:44 107808 c:\windows\system32\dns-sd.exe
+ 2010-11-03 02:19 . 2010-05-26 18:41 248672 c:\windows\system32\d3dx11_43.dll
+ 2010-11-03 02:19 . 2009-09-05 00:29 235344 c:\windows\system32\d3dx11_42.dll
+ 2010-11-03 02:19 . 2010-05-26 18:41 470880 c:\windows\system32\d3dx10_43.dll
+ 2010-11-03 02:19 . 2009-09-05 00:29 453456 c:\windows\system32\d3dx10_42.dll
+ 2010-11-03 02:19 . 2009-03-09 22:27 453456 c:\windows\system32\d3dx10_41.dll
+ 2010-11-03 02:19 . 2008-10-10 11:52 452440 c:\windows\system32\d3dx10_40.dll
+ 2010-11-03 02:19 . 2008-07-10 18:01 467984 c:\windows\system32\d3dx10_39.dll
+ 2010-11-03 02:19 . 2008-05-30 21:11 467984 c:\windows\system32\d3dx10_38.dll
+ 2010-11-03 02:19 . 2008-02-06 06:07 462864 c:\windows\system32\d3dx10_37.dll
+ 2010-11-02 05:42 . 2010-11-02 05:42 203776 c:\windows\system32\8E620E002B48B4F2A39CD12171E70A7E\unrar.exe
+ 2010-10-28 19:36 . 2008-08-08 05:03 524288 c:\windows\Samsung\PanelMgr\SSMMgr.exe
+ 2010-10-28 19:36 . 2007-08-13 08:31 327168 c:\windows\Samsung\PanelMgr\caller64.exe
+ 2010-10-22 21:59 . 2010-10-22 21:59 335360 c:\windows\Installer\23a0fc0d.msi
- 2010-08-08 06:03 . 2010-08-08 06:03 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-08-08 06:03 . 2010-10-28 06:01 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-10-27 05:57 . 2010-10-27 05:57 380928 c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2010-10-28 19:35 . 2009-01-17 07:26 1032192 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31cum.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 1010688 c:\windows\system32\spool\drivers\w32x86\samsungclp_310_seriee7ab\cl31c.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 1032192 c:\windows\system32\spool\drivers\w32x86\cl31cum.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 1010688 c:\windows\system32\spool\drivers\w32x86\cl31c.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 1032192 c:\windows\system32\spool\drivers\w32x86\3\cl31cum.dll
+ 2010-10-28 19:35 . 2009-01-17 07:26 1010688 c:\windows\system32\spool\drivers\w32x86\3\cl31c.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 2670592 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvwssr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 2629632 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvwss.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 4136960 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvvitvsr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 3776512 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvvitvs.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 8769536 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvoglnt.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 2854912 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmoblsr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 1257472 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvmobls.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 3424256 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvgamesr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 3391488 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvgames.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 5783552 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvdispsr.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 6582272 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvdisps.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 1241088 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcuda.dll
+ 2010-11-07 19:30 . 2008-05-03 03:16 6554496 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nv4_mini.sys
+ 2010-11-07 19:30 . 2008-05-03 03:16 6108160 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nv4_disp.dll
+ 2010-11-07 19:30 . 2008-06-20 06:58 1765376 c:\windows\system32\ReinstallBackups\0018\DriverFiles\msicpl.dll
+ 2010-11-07 19:30 . 2005-12-05 10:09 2323664 c:\windows\system32\ReinstallBackups\0018\DriverFiles\d3dx9_28.dll
+ 2010-11-07 19:30 . 2005-07-22 11:59 2319568 c:\windows\system32\ReinstallBackups\0018\DriverFiles\d3dx9_27.dll
+ 2010-07-10 13:38 . 2010-07-10 13:38 2195030 c:\windows\system32\nvdata.bin
+ 2010-07-10 13:38 . 2010-07-10 13:38 2914408 c:\windows\system32\nvcuvid.dll
+ 2010-07-10 13:38 . 2010-07-10 13:38 2506344 c:\windows\system32\nvcuvenc.dll
+ 2008-05-03 03:16 . 2010-07-10 13:38 4595712 c:\windows\system32\nvcuda.dll
+ 2006-08-12 04:43 . 2010-07-10 13:38 1388544 c:\windows\system32\nvapi.dll
+ 2006-08-12 04:42 . 2010-07-10 13:38 6343040 c:\windows\system32\nv4_disp.dll
+ 2010-01-27 01:07 . 2010-11-06 04:08 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-10-27 05:55 . 2010-04-20 03:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaaplrc.dll
+ 2010-10-27 05:55 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-11-03 02:19 . 2010-05-26 18:41 1998168 c:\windows\system32\D3DX9_43.dll
+ 2010-11-03 02:19 . 2009-09-05 00:29 1892184 c:\windows\system32\D3DX9_42.dll
+ 2010-11-03 02:19 . 2009-03-09 22:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2010-11-03 02:19 . 2008-10-10 11:52 4379984 c:\windows\system32\D3DX9_40.dll
+ 2010-11-03 02:19 . 2008-07-10 18:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2010-11-03 02:19 . 2008-05-30 21:11 3850760 c:\windows\system32\D3DX9_38.dll
+ 2010-11-03 02:19 . 2008-03-05 22:56 3786760 c:\windows\system32\D3DX9_37.dll
+ 2010-11-03 02:19 . 2010-05-26 18:41 1868128 c:\windows\system32\d3dcsx_43.dll
+ 2010-11-03 02:19 . 2009-09-05 00:29 5501792 c:\windows\system32\d3dcsx_42.dll
+ 2010-11-03 02:19 . 2010-05-26 18:41 2106216 c:\windows\system32\D3DCompiler_43.dll
+ 2010-11-03 02:19 . 2009-09-05 00:29 1974616 c:\windows\system32\D3DCompiler_42.dll
+ 2010-11-03 02:19 . 2009-03-09 22:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2010-11-03 02:19 . 2008-10-10 11:52 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2010-11-03 02:19 . 2008-07-10 18:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2010-11-03 02:19 . 2008-05-30 21:11 1491992 c:\windows\system32\D3DCompiler_38.dll
+ 2010-11-03 02:19 . 2008-03-05 22:56 1420824 c:\windows\system32\D3DCompiler_37.dll
+ 2010-10-28 06:01 . 2010-10-28 06:01 2068992 c:\windows\Installer\3f197219.msi
+ 2010-10-27 05:57 . 2010-10-27 05:57 6333440 c:\windows\Installer\39ec7bb1.msi
+ 2010-10-27 05:55 . 2010-10-27 05:55 1554944 c:\windows\Installer\39ec7baa.msi
+ 2010-10-27 05:55 . 2010-10-27 05:55 3084800 c:\windows\Installer\39ec7b7c.msi
+ 2010-10-27 05:54 . 2010-10-27 05:54 1984000 c:\windows\Installer\39ec7b77.msi
+ 2010-10-25 23:12 . 2010-10-25 23:12 3733504 c:\windows\Installer\332f937b.msi
+ 2010-11-07 19:30 . 2008-05-03 03:16 13529088 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcpl.dll
+ 2006-08-12 04:42 . 2010-07-10 13:38 13549568 c:\windows\system32\nvoglnt.dll
+ 2010-07-10 00:24 . 2010-07-10 00:24 13923432 c:\windows\system32\nvcpl.dll
+ 2010-07-10 13:38 . 2010-07-10 13:38 10260480 c:\windows\system32\nvcompiler.dll
+ 2006-08-12 04:42 . 2010-07-10 13:38 10604128 c:\windows\system32\drivers\nv4_mini.sys
+ 2006-08-12 04:42 . 2010-07-10 13:38 10604128 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-10-31 05:47 . 2010-10-31 05:47 17410560 c:\windows\Installer\4e75ee41.msi
+ 2010-10-25 22:50 . 2010-09-10 19:53 10013696 c:\windows\Downloaded Installations\{ECA84414-1792-4054-836C-05BAE2E78DA4}\XenAppStreaming.msi
-- Snapshot reset to current date --
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF956C1-34FB-76FC-0419-8E416008F1C5}]
2010-11-02 05:41 249856 ----a-w- c:\windows\system32\audiodev32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 23:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"SansaDispatch"="c:\documents and settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-19 79872]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
"Google Update"="c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-10 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-29 13:41 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSDE Instance AKM.lnk]
backup=c:\windows\pss\MSDE Instance AKM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Denis^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 11:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 18:51 24576 ----a-w- c:\documents and settings\Denis\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
2006-09-28 16:31 659456 -c--a-w- c:\program files\Philips\Philips Device Manager\bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 23:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-21 23:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2007-10-26 16:06 292152 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Denis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\documents and settings\Denis\Application Data\Facebook\facebook.exe"= c:\documents and settings\Denis\Application Data\Facebook\facebook.exe:
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"67:UDP"= 67:UDP:DHCP Discovery Service
"443:TCP"= 443:TCP:https

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/01/2010 8:13 AM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\symds.sys [21/09/2010 12:52 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\symefa.sys [21/09/2010 12:52 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [01/11/2010 4:15 PM 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [03/11/2010 9:35 PM 244736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\cchpx86.sys [21/09/2010 12:52 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\ironx86.sys [21/09/2010 12:52 PM 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 5:19 AM 1181328]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [29/09/2010 6:02 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 11:41 AM 12856]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [17/11/2008 8:42 PM 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/12/2008 8:55 AM 88176]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\\ccsvchst.exe [21/09/2010 12:51 PM 126392]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [07/06/2010 2:37 PM 196912]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/11/2009 11:50 AM 632792]
R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [24/10/2009 1:46 AM 189760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05/06/2010 6:51 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [19/10/2010 12:36 PM 341880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 9:16 AM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [24/08/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [24/08/2007 3:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [24/08/2007 3:52 PM 166384]
S2 SessionLauncher;SessionLauncher; [x]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/01/2010 10:04 AM 1684736]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 MSSQL$AKM;MSSQL$AKM;c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlservr.exe -sAKM --> c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlservr.exe -sAKM [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [24/08/2007 3:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [24/08/2007 3:52 PM 1083888]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [20/01/2008 12:35 PM 44928]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SQLAgent$AKM;SQLAgent$AKM;c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlagent.EXE -i AKM --> c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlagent.EXE -i AKM [?]
Contents of the 'Scheduled Tasks' folder

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:16]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:16]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004Core.job
- c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:49]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004UA.job
- c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:49]

2010-11-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 23:12]
------- Supplementary Scan -------
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchMigratedDefaultUrl =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: cj.com
Trusted Zone: inac.gc.ca\dap-pad
Trusted Zone: linkshare.com
Trusted Zone: linksynergy.com
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
FF - ProfilePath - c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]\chrome\content\AudioService.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Denis\Application Data\SysWin\lsass.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Facebook Plug-In - c:\documents and settings\Denis\Application Data\Facebook\uninstall.exe


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

RTHDBPL = c:\documents and settings\Denis\Application Data\SysWin\lsass.exe??????????????????????????????????$???????????????????????????
SansaDispatch = c:\documents and settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe??d?y?>?????<?/?(???x???>???t%26??e?-?o?(???x???e%3dtext%252fplain%26creation-date%3d2009-

scanning hidden files ...

scan completed successfully
hidden files: 0


"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\\diMaster.dll\" /prefetch:1"
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)

- - - - - - - > 'explorer.exe'(1956)
Completion time: 2010-11-08 12:45:47
ComboFix-quarantined-files.txt 2010-11-08 20:45
ComboFix2.txt 2010-10-15 18:50

Pre-Run: 197,885,820,928 bytes free
Post-Run: 197,867,393,024 bytes free

- - End Of File - - 4BBA5CB451EDB942B0451367AF93AB5F
GeekU Moderator
One final run, I feel. On completion of this, can you let me know what problems you are experiencing?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


c:\documents and settings\Denis\Application Data\SysWin


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

BC Canuck

ComboFix 10-11-07.A2 - Denis 08/11/2010 13:57:50.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1165 [GMT -8:00]
Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Denis\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))

2010-11-08 20:17 . 2010-11-08 20:17 0 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-08 20:00 . 2010-11-08 20:00 -------- d-----w- C:\_OTL
2010-11-07 19:31 . 2010-11-07 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-11-07 19:30 . 2010-11-07 19:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-04 19:42 . 2010-11-04 19:42 -------- d-----w- c:\program files\7-Zip
2010-11-04 05:35 . 2007-01-10 12:00 244736 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2010-11-03 02:14 . 2010-11-03 02:14 -------- d-----w- c:\windows\Logs
2010-11-03 02:13 . 2010-11-03 02:13 -------- d-----w- c:\program files\Need for Speed World
2010-11-02 05:41 . 2010-11-06 03:10 -------- d-sh--w- c:\windows\system32\8E620E002B48B4F2A39CD12171E70A7E
2010-11-02 05:40 . 2010-11-02 05:41 249856 ----a-w- c:\windows\system32\audiodev32.dll
2010-10-31 07:33 . 2010-11-04 19:24 -------- d-----w- c:\documents and settings\Denis\Application Data\FrostWire
2010-10-31 07:33 . 2010-10-31 07:34 -------- d-----w- c:\program files\FrostWire
2010-10-31 05:49 . 2010-10-31 05:50 -------- d-----w- c:\documents and settings\Denis\Local Settings\Application Data\Nova Development
2010-10-31 05:41 . 2010-10-31 05:41 -------- d-----w- c:\program files\Common Files\Nova Development
2010-10-31 05:40 . 2010-10-31 05:40 -------- d-----w- c:\program files\PictureToTV
2010-10-31 05:37 . 2010-10-31 05:37 -------- d-----w- c:\program files\Nova Development
2010-10-28 19:46 . 2010-10-28 19:46 -------- d-----w- c:\documents and settings\Denis\Local Settings\Application Data\PSU
2010-10-28 19:38 . 2010-10-28 19:38 -------- d-----w- c:\documents and settings\Denis\Application Data\AskToolbar
2010-10-28 19:36 . 2008-03-17 01:10 57344 ----a-w- c:\windows\system32\ssdevm.dll
2010-10-28 19:36 . 2007-08-13 06:26 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2010-10-28 19:36 . 2007-08-13 06:26 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-28 19:36 . 2007-08-13 06:26 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-10-28 19:36 . 2010-10-28 19:36 -------- d-----w- c:\windows\Samsung
2010-10-28 19:35 . 2007-08-13 09:40 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\cl31cpc.dll
2010-10-28 19:35 . 2007-08-13 09:39 151552 ----a-w- c:\windows\system32\cl31cci.exe
2010-10-28 19:35 . 2007-08-13 09:39 65536 ----a-w- c:\windows\system32\cl31cci.dll
2010-10-28 19:35 . 2007-08-13 09:39 22723 ----a-w- c:\windows\system32\cl31cl3.dll
2010-10-28 19:26 . 2010-10-28 19:26 -------- d-----w- c:\program files\Samsung
2010-10-27 05:56 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-27 05:56 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-27 05:55 . 2010-10-27 05:55 -------- d-----w- c:\program files\iPod
2010-10-27 05:55 . 2010-10-27 05:56 -------- d-----w- c:\program files\iTunes
2010-10-27 05:55 . 2010-10-27 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-27 05:54 . 2010-10-27 05:54 -------- d-----w- c:\program files\Bonjour
2010-10-25 22:59 . 2010-10-25 23:00 -------- d-----w- c:\documents and settings\Denis\Application Data\Download Manager
2010-10-15 18:20 . 2010-10-15 18:20 -------- d-----w- C:\Combo
2010-10-15 07:17 . 2010-10-15 08:23 -------- d-----w- c:\program files\BHOK IT Consulting
2010-10-15 06:50 . 2010-10-15 06:50 -------- d-----w- c:\program files\Common Files\Taxman
2010-10-15 06:50 . 2010-10-15 06:50 -------- d-----w- c:\program files\Taxman
2010-10-11 06:03 . 2010-10-11 06:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-09-29 13:41 . 2010-04-20 04:18 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 13:41 . 2010-04-20 04:18 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 13:41 . 2010-04-20 04:18 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-29 13:41 . 2010-04-20 04:18 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-18 19:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-04-24 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2007-05-04 05:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 02:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2003-08-27 22:19 . 2006-12-20 03:29 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
2009-08-14 19:33 . 2009-08-14 19:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-08-14 19:33 . 2009-08-14 19:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-08-14 19:33 . 2009-08-14 19:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-08-14 19:33 . 2009-08-14 19:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-08-14 19:34 . 2009-08-14 19:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-08-14 19:33 . 2009-08-14 19:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-08-14 19:33 . 2009-08-14 19:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 16:41 . 2008-05-21 16:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 16:41 . 2008-05-21 16:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 16:41 . 2008-05-21 16:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-08-14 18:50 . 2009-08-14 18:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-08-14 19:33 . 2009-08-14 19:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

((((((((((((((((((((((((((((( SnapShot_2010-11-08_20.44.02 )))))))))))))))))))))))))))))))))))))))))
+ 2010-11-08 22:04 . 2010-11-08 22:04 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
+ 2010-11-08 22:06 . 2010-11-08 22:06 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
+ 2006-11-30 23:18 . 2010-11-08 22:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-11-30 23:18 . 2010-11-08 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-11-08 22:02 . 2010-11-08 22:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-10-16 00:01 . 2010-11-08 20:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF956C1-34FB-76FC-0419-8E416008F1C5}]
2010-11-02 05:41 249856 ----a-w- c:\windows\system32\audiodev32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 23:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]


"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"SansaDispatch"="c:\documents and settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-19 79872]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 68856]
"Google Update"="c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-08 136176]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-10 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-29 13:41 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSDE Instance AKM.lnk]
backup=c:\windows\pss\MSDE Instance AKM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Denis^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 11:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 18:51 24576 ----a-w- c:\documents and settings\Denis\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
2006-09-28 16:31 659456 -c--a-w- c:\program files\Philips\Philips Device Manager\bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 23:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-21 23:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2007-10-26 16:06 292152 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Denis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\documents and settings\Denis\Application Data\Facebook\facebook.exe"= c:\documents and settings\Denis\Application Data\Facebook\facebook.exe:
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/01/2010 8:13 AM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\symds.sys [21/09/2010 12:52 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\symefa.sys [21/09/2010 12:52 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [01/11/2010 4:15 PM 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [03/11/2010 9:35 PM 244736]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\cchpx86.sys [21/09/2010 12:52 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\ironx86.sys [21/09/2010 12:52 PM 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 5:19 AM 1181328]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [29/09/2010 6:02 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 11:41 AM 12856]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [17/11/2008 8:42 PM 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/12/2008 8:55 AM 88176]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\\ccsvchst.exe [21/09/2010 12:51 PM 126392]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [07/06/2010 2:37 PM 196912]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/11/2009 11:50 AM 632792]
R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [24/10/2009 1:46 AM 189760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05/06/2010 6:51 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [19/10/2010 12:36 PM 341880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 9:16 AM 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [24/08/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [24/08/2007 3:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [24/08/2007 3:52 PM 166384]
S2 SessionLauncher;SessionLauncher; [x]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/01/2010 10:04 AM 1684736]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 MSSQL$AKM;MSSQL$AKM;c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlservr.exe -sAKM --> c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlservr.exe -sAKM [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [24/08/2007 3:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [24/08/2007 3:52 PM 1083888]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [20/01/2008 12:35 PM 44928]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SQLAgent$AKM;SQLAgent$AKM;c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlagent.EXE -i AKM --> c:\program files\MICROSOFT SQL SERVER\MSSQL$AKM\Binn\sqlagent.EXE -i AKM [?]
Contents of the 'Scheduled Tasks' folder

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 16:13]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:16]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 17:16]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004Core.job
- c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:49]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1788223648-725345543-1004UA.job
- c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 01:49]

2010-11-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 23:12]
------- Supplementary Scan -------
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchMigratedDefaultUrl =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: cj.com
Trusted Zone: inac.gc.ca\dap-pad
Trusted Zone: linkshare.com
Trusted Zone: linksynergy.com
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
FF - ProfilePath - c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16054&locale=en_US&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]\chrome\content\AudioService.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\kt2idi27.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Denis\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Denis\Local Settings\Application Data\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

SansaDispatch = c:\documents and settings\Denis\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe??d?y?>?????<?/?(???x???>???t%26??e?-?o?(???x???e%3dtext%252fplain%26creation-date%3d2009-

scanning hidden files ...

scan completed successfully
hidden files: 0


"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\\diMaster.dll\" /prefetch:1"
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)

- - - - - - - > 'explorer.exe'(3552)
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
------------------------ Other Running Processes ------------------------
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
Completion time: 2010-11-08 14:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-08 22:18
ComboFix2.txt 2010-11-08 20:45
ComboFix3.txt 2010-10-15 18:50

Pre-Run: 197,842,427,904 bytes free
Post-Run: 197,832,728,576 bytes free

- - End Of File - - 506627313CF4422C856BF74E1641ED54



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good now - let's see what orphans MBAM gets :D

How is it running?

BC Canuck

    New Member

  • Topic Starter
  • Member
  • 9 posts
Malwarebytes' Anti-Malware 1.46

Database version: 5076

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/11/2010 2:32:35 PM
mbam-log-2010-11-08 (14-32-35).txt

Scan type: Quick scan
Objects scanned: 182015
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1df956c1-34fb-76fc-0419-8e416008f1c5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1df956c1-34fb-76fc-0419-8e416008f1c5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1df956c1-34fb-76fc-0419-8e416008f1c5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1df956c1-34fb-76fc-0419-8e416008f1c5} (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\audiodev32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000632333731058C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000632333731058O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000632333731058P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000632333731058S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Remaining problems?

BC Canuck

    New Member

  • Topic Starter
  • Member
  • 9 posts
The computer booted successfully and easily both times in the last round of fixes. So hopefully that did it. Thank you so much for all your help.



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

  • Under the Custom Scans/Fixes box at the bottom, paste in the following


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe ;)

BC Canuck

    New Member

  • Topic Starter
  • Member
  • 9 posts
I appreciate the quick and expert advice. I've completed all the cleanup and I'm prepared with the spring clean stuff too.

My computer seems to be running tip-top now. That is awesome, and so are you! Thank you so much again for all your help.



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.