Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

removing malware from win xp dell optiplex [Closed]


  • This topic is locked This topic is locked

#1
sallyw

sallyw

    Member

  • Member
  • PipPip
  • 58 posts
Hi,

I cleaned 1 computer with excellent coaching from geekstogo (essexboy) and am addressing 2nd in the same office. both systems running sophos and way too many "cleaners".

In this case i could load windows but most items are not displayed on the desktop. the start menu is empty and "all programs" list is empty.

Steps so far:

1. Ran RogueKiller from USB to enable
2. copying malwarebytes to desktop and running
quick scan yielded 7 objects detected & I removed
adware.agent and 6 instances of PUM.Hijace.StartMenu in the registry
3. rebooted and attempted to enter setup f2 so i can enable boot from cd. I found an old keyboard with usb (seems the trojan/malware disabled f2 and f12)
4. ran OTL, FRST and ListPart and copied reports here

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012 (ATTENTION: FRST version is 14 days old)
Ran by SYSTEM at 13-11-2012 10:39:04
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2641784 2012-08-21] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [618496 2007-12-23] ()
HKLM\...\Run: [BlackArmorBackupMonitor.exe] C:\Program Files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe [4352960 2009-07-23] (Seagate)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\BlackArmorBackup\TimounterMonitor.exe [963784 2009-07-23] (Seagate)
HKLM\...\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [376272 2009-07-23] (Seagate)
HKLM\...\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on [49152 2006-06-15] (HP)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [PC Cleaners] "C:\Program Files\PC Cleaners\PCCleaners.exe" /minimize [46919440 2011-10-13] (PC Cleaners Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM\...\Run: [HmNyHNAWbW.exe] C:\Documents and Settings\All Users\Application Data\HmNyHNAWbW.exe [x]
HKU\Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2011-09-13] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-21] (Google Inc.)
HKU\Administrator\...\Run: [wYhvWUlyJei2jm] C:\Documents and Settings\All Users\Application Data\wYhvWUlyJei2jm.exe [x]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
2 AlotService; C:\Documents and Settings\Administrator\Application Data\alotservice\alotservice.exe [201576 2012-04-12] (Vertro Inc.)
2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
2 atnthost; "C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe" [16776 2010-08-30] (WebEx Communications, Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-12-15] ()
2 FlipShareServer; "C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2010-12-15] ()
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 NitroDriverReadSpool2; "C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe" [196896 2011-12-20] (Nitro PDF Software)
2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-10-20] (Intuit Inc.)
3 QuickBooksDB21; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [679936 2010-04-27] (Intuit, Inc.)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2010-10-08] (Sophos Plc)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2010-06-04] (Sophos Plc)
2 SgtSch2Svc; "C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe" [617968 2009-07-23] (Seagate)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-04-11] (Sophos Plc)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [1543704 2012-02-21] (Sophos Plc)
2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()
2 WinDefend; "C:\Program Files\Windows Defender\MsMpEng.exe" [13592 2006-11-03] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [701440 2004-08-04] (ATI Technologies Inc.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)
3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2006-06-12] (Hewlett Packard)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
1 SAVOnAccessControl; C:\Windows\System32\DRIVERS\savonaccesscontrol.sys [153344 2010-10-08] (Sophos Plc)
1 SAVOnAccessFilter; C:\Windows\System32\DRIVERS\savonaccessfilter.sys [24064 2010-10-08] (Sophos Plc)
3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2010-10-15] (Acronis)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [14976 2008-05-23] (Sophos Plc)
0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2010-10-15] (Acronis)
3 TrueSight; \??\C:\WINDOWS\system32\drivers\TrueSight.sys [14336 2012-11-13] ()
3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
4 hpt3xx; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-13 10:38 - 2012-11-13 10:38 - 00000000 ____D C:\FRST
2012-11-13 09:30 - 2012-11-13 09:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-11-13 09:29 - 2012-11-13 09:29 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-13 09:29 - 2012-11-13 09:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-13 09:29 - 2012-11-13 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-11-13 09:29 - 2012-09-29 19:54 - 00022856 ___AH (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-13 09:25 - 2012-11-13 09:25 - 00004125 ____A C:\Documents and Settings\Administrator\Desktop\RKreport[1]_S_11132012_02d0925.txt
2012-11-13 09:24 - 2012-11-13 09:25 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2012-11-13 09:24 - 2012-11-13 09:24 - 00014336 ___AH C:\Windows\System32\Drivers\TrueSight.sys
2012-11-13 09:21 - 2012-11-13 08:17 - 00673280 ___AH C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2012-11-13 09:20 - 2012-11-13 08:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-13 09:18 - 2012-11-13 09:18 - 00000835 ___AH C:\Documents and Settings\Administrator\Desktop\File_Restore.lnk
2012-11-12 15:28 - 2012-11-12 15:33 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-wYhvWUlyJei2jmr
2012-11-12 15:28 - 2012-11-12 15:33 - 00000152 ___AH C:\Documents and Settings\All Users\Application Data\-wYhvWUlyJei2jm
2012-11-12 15:27 - 2012-11-12 15:33 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\wYhvWUlyJei2jm
2012-11-12 01:21 - 2012-11-11 01:21 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121112-012151.backup
2012-11-11 01:21 - 2012-11-10 02:00 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121111-012108.backup
2012-11-10 02:00 - 2012-11-09 02:00 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121110-020037.backup
2012-11-09 02:00 - 2012-11-08 02:00 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121109-020056.backup
2012-11-08 02:00 - 2012-11-07 02:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121108-020037.backup
2012-11-07 02:00 - 2012-11-06 02:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121107-020037.backup
2012-11-06 02:00 - 2012-11-05 01:22 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121106-020057.backup
2012-11-05 01:22 - 2012-11-04 00:21 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121105-012201.backup
2012-11-04 00:21 - 2012-11-03 01:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121104-012119.backup
2012-11-03 01:00 - 2012-11-02 01:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121103-020037.backup
2012-11-02 01:00 - 2012-11-01 00:22 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121102-020057.backup
2012-11-01 00:22 - 2012-10-31 01:00 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121101-012224.backup
2012-10-31 09:42 - 2012-10-31 09:42 - 00000266 ___AH C:\Documents and Settings\Administrator\Desktop\http--www.burlington.org-community_development-docs-Revised_Bylaw10_17_12.pdf.url
2012-10-31 01:00 - 2012-10-26 01:00 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121031-020037.backup
2012-10-26 01:00 - 2012-10-25 01:00 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121026-020037.backup
2012-10-25 01:00 - 2012-10-24 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121025-020038.backup
2012-10-24 01:00 - 2012-10-23 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121024-020037.backup
2012-10-23 01:00 - 2012-10-22 00:22 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121023-020037.backup
2012-10-22 00:22 - 2012-10-21 00:22 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121022-012229.backup
2012-10-21 00:22 - 2012-10-20 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-012201.backup
2012-10-20 01:00 - 2012-10-19 00:20 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-020037.backup
2012-10-19 12:14 - 2012-10-19 12:14 - 00000719 ___AH C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-10-19 12:12 - 2012-10-19 12:13 - 22657136 ___AH C:\Documents and Settings\Administrator\Desktop\vlc-2.0.2-win32.exe
2012-10-19 00:20 - 2012-10-18 00:23 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-012044.backup
2012-10-18 00:23 - 2012-10-17 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121018-012315.backup
2012-10-17 00:20 - 2012-10-15 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121017-012052.backup
2012-10-15 00:21 - 2012-10-14 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121015-012115.backup
2012-10-14 00:20 - 2012-10-13 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121014-012028.backup

==================== 3 Months Modified Files ==================

2012-11-13 10:29 - 2011-12-14 03:01 - 00000232 ___AH C:\Windows\setupact.log
2012-11-13 10:29 - 2011-12-02 13:17 - 00218609 ___AH C:\Windows\setupapi.log
2012-11-13 10:29 - 2006-07-13 17:36 - 01089537 ___AH C:\Windows\WindowsUpdate.log
2012-11-13 10:28 - 2005-04-11 13:23 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-13 10:25 - 2005-04-11 13:23 - 00032540 ___AH C:\Windows\SchedLgU.Txt
2012-11-13 10:25 - 2005-04-11 13:15 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-13 10:25 - 2005-04-11 09:08 - 00000050 __AHC C:\Windows\wiaservc.log
2012-11-13 10:24 - 2005-04-11 13:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-13 10:23 - 2011-07-26 11:03 - 00000396 ___AH C:\Windows\Tasks\FileCure Startup.job
2012-11-13 10:19 - 2011-05-02 13:18 - 00000896 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-13 10:19 - 2005-04-11 13:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-11-13 10:18 - 2005-04-11 13:23 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2012-11-13 10:14 - 2010-10-15 14:33 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job
2012-11-13 10:13 - 2002-06-25 14:34 - 00002206 ___AH C:\Windows\System32\wpa.dbl
2012-11-13 09:55 - 2012-06-21 12:40 - 00001010 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358315832-351749593-787360149-500UA.job
2012-11-13 09:29 - 2012-11-13 09:29 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-13 09:25 - 2012-11-13 09:25 - 00004125 ____A C:\Documents and Settings\Administrator\Desktop\RKreport[1]_S_11132012_02d0925.txt
2012-11-13 09:24 - 2012-11-13 09:24 - 00014336 ___AH C:\Windows\System32\Drivers\TrueSight.sys
2012-11-13 09:22 - 2010-09-21 12:58 - 00000438 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{82430B39-5619-42F3-87FB-FC9C20140316}.job
2012-11-13 09:18 - 2012-11-13 09:18 - 00000835 ___AH C:\Documents and Settings\Administrator\Desktop\File_Restore.lnk
2012-11-13 08:24 - 2012-11-13 09:20 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-13 08:17 - 2012-11-13 09:21 - 00673280 ___AH C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2012-11-12 15:46 - 2005-04-11 09:08 - 00000320 __AHC C:\Windows\wiadebug.log
2012-11-12 15:33 - 2012-11-12 15:28 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-wYhvWUlyJei2jmr
2012-11-12 15:33 - 2012-11-12 15:28 - 00000152 ___AH C:\Documents and Settings\All Users\Application Data\-wYhvWUlyJei2jm
2012-11-12 15:33 - 2012-11-12 15:27 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\wYhvWUlyJei2jm
2012-11-12 15:29 - 2012-05-16 15:05 - 00322538 ___AH C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2012-11-12 15:27 - 2005-04-11 09:06 - 00637100 __AHC C:\Windows\System32\PerfStringBackup.INI
2012-11-12 15:21 - 2010-10-12 16:07 - 00131072 ___AH C:\Windows\System32\config\OAlerts.evt
2012-11-12 15:11 - 2011-05-02 13:18 - 00000900 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-12 14:54 - 2010-10-12 16:07 - 00002501 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Word 2010.lnk
2012-11-12 10:54 - 2010-10-12 16:07 - 00002507 ____A C:\Documents and Settings\Administrator\Desktop\Microsoft Outlook 2010.lnk
2012-11-12 10:31 - 2011-07-26 11:03 - 00000434 ___AH C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-11-12 10:31 - 2011-07-26 11:03 - 00000380 ___AH C:\Windows\Tasks\FileCure Default.job
2012-11-12 01:21 - 2010-10-15 15:14 - 00000344 ___AH C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-11-12 00:30 - 2010-10-15 15:14 - 00000330 ___AH C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2012-11-11 23:03 - 2010-10-15 13:34 - 00000518 ___AH C:\Windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
2012-11-11 18:00 - 2011-07-26 11:03 - 00000460 ___AH C:\Windows\Tasks\ParetoLogic Registration3.job
2012-11-11 15:55 - 2012-06-21 12:40 - 00000958 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358315832-351749593-787360149-500Core.job
2012-11-11 01:21 - 2012-11-12 01:21 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121112-012151.backup
2012-11-10 02:00 - 2012-11-11 01:21 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121111-012108.backup
2012-11-09 02:00 - 2012-11-10 02:00 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121110-020037.backup
2012-11-08 13:59 - 2012-06-21 12:40 - 00002344 ____A C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2012-11-08 02:00 - 2012-11-09 02:00 - 00444784 __RAH C:\Windows\System32\Drivers\etc\hosts.20121109-020056.backup
2012-11-07 02:00 - 2012-11-08 02:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121108-020037.backup
2012-11-06 13:17 - 2012-06-25 12:24 - 00000869 ___AH C:\Documents and Settings\Administrator\Desktop\Small Business Marketing from Constant Contact.url
2012-11-06 10:01 - 2010-10-12 16:07 - 00002459 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Excel 2010.lnk
2012-11-06 02:00 - 2012-11-07 02:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121107-020037.backup
2012-11-05 01:22 - 2012-11-06 02:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121106-020057.backup
2012-11-04 00:21 - 2012-11-05 01:22 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121105-012201.backup
2012-11-03 01:00 - 2012-11-04 00:21 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121104-012119.backup
2012-11-02 01:00 - 2012-11-03 01:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121103-020037.backup
2012-11-01 00:22 - 2012-11-02 01:00 - 00444718 __RAH C:\Windows\System32\Drivers\etc\hosts.20121102-020057.backup
2012-10-31 09:42 - 2012-10-31 09:42 - 00000266 ___AH C:\Documents and Settings\Administrator\Desktop\http--www.burlington.org-community_development-docs-Revised_Bylaw10_17_12.pdf.url
2012-10-31 01:00 - 2012-11-01 00:22 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121101-012224.backup
2012-10-30 10:48 - 2011-10-14 09:22 - 00001183 ___AH C:\Windows\System32\HPPDEVX.DLL.log
2012-10-26 01:00 - 2012-10-31 01:00 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121031-020037.backup
2012-10-25 01:00 - 2012-10-26 01:00 - 00444658 __RAH C:\Windows\System32\Drivers\etc\hosts.20121026-020037.backup
2012-10-24 01:00 - 2012-10-25 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121025-020038.backup
2012-10-23 01:00 - 2012-10-24 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121024-020037.backup
2012-10-22 00:22 - 2012-10-23 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121023-020037.backup
2012-10-21 00:22 - 2012-10-22 00:22 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121022-012229.backup
2012-10-20 01:00 - 2012-10-21 00:22 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-012201.backup
2012-10-19 12:14 - 2012-10-19 12:14 - 00000719 ___AH C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2012-10-19 12:13 - 2012-10-19 12:12 - 22657136 ___AH C:\Documents and Settings\Administrator\Desktop\vlc-2.0.2-win32.exe
2012-10-19 00:20 - 2012-10-20 01:00 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-020037.backup
2012-10-18 00:23 - 2012-10-19 00:20 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-012044.backup
2012-10-17 00:20 - 2012-10-18 00:23 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121018-012315.backup
2012-10-15 00:21 - 2012-10-17 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121017-012052.backup
2012-10-14 00:20 - 2012-10-15 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121015-012115.backup
2012-10-13 00:20 - 2012-10-14 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121014-012028.backup
2012-10-12 00:21 - 2012-10-13 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121013-012037.backup
2012-10-11 17:13 - 2010-10-12 16:07 - 00002507 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Publisher 2010.lnk
2012-10-11 02:23 - 2012-10-01 16:20 - 01247744 ___AH C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-11 02:23 - 2012-06-05 02:16 - 01050956 ___AH C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2358315832-351749593-787360149-500-0.dat
2012-10-11 02:08 - 2012-10-10 04:41 - 00017884 ___AH C:\Windows\KB2724197.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00309388 ___AH C:\Windows\iis6.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00290601 ___AH C:\Windows\FaxSetup.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00138932 ___AH C:\Windows\ocgen.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00132587 ___AH C:\Windows\tsoc.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00095358 ___AH C:\Windows\comsetup.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00087098 ___AH C:\Windows\msmqinst.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00057859 ___AH C:\Windows\ntdtcsetup.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00050901 ___AH C:\Windows\netfxocm.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00019975 ___AH C:\Windows\MedCtrOC.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00016074 ___AH C:\Windows\ocmsn.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00014617 ___AH C:\Windows\tabletoc.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00014523 ___AH C:\Windows\msgsocm.log
2012-10-11 02:08 - 2011-12-14 03:01 - 00001393 ___AH C:\Windows\imsins.log
2012-10-11 02:02 - 2012-10-11 02:02 - 00005302 ___AH C:\Windows\KB2756822.log
2012-10-11 02:02 - 2011-12-14 03:04 - 00011244 ___AH C:\Windows\System32\TZLog.log
2012-10-11 02:02 - 2011-12-14 03:01 - 00001393 ___AH C:\Windows\imsins.BAK
2012-10-11 02:02 - 2006-07-13 18:40 - 62968832 ___AH (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-11 02:01 - 2012-10-10 04:41 - 00014064 ___AH C:\Windows\KB2749655.log
2012-10-11 02:01 - 2012-10-10 04:40 - 00013949 ___AH C:\Windows\KB2661254-v2.log
2012-10-11 02:01 - 2011-12-14 03:08 - 00023370 ___AH C:\Windows\updspapi.log
2012-10-11 01:00 - 2012-10-12 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121012-012142.backup
2012-10-10 16:14 - 2012-10-10 16:14 - 00022322 ___AH C:\Documents and Settings\Administrator\Desktop\Annual Meeting Attendees as of 5PM on 10-10-12.xlsx
2012-10-10 01:00 - 2012-10-11 01:00 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121011-020037.backup
2012-10-09 00:22 - 2012-10-10 01:00 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121010-020037.backup
2012-10-08 00:22 - 2012-10-09 00:22 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121009-012226.backup
2012-10-07 00:21 - 2012-10-08 00:22 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121008-012245.backup
2012-10-06 00:22 - 2012-10-07 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121007-012158.backup
2012-10-05 01:00 - 2012-10-06 00:22 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121006-012218.backup
2012-10-04 12:45 - 2012-10-04 12:36 - 00000365 ___AH C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-10-04 12:45 - 2011-09-22 12:11 - 00206458 ___AH C:\Windows\hpoins49.dat
2012-10-04 00:20 - 2012-10-05 01:00 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121005-020037.backup
2012-10-03 00:20 - 2012-10-04 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121004-012041.backup
2012-10-02 00:20 - 2012-10-03 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121003-012039.backup
2012-10-01 00:20 - 2012-10-02 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121002-012023.backup
2012-09-30 00:20 - 2012-10-01 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20121001-012047.backup
2012-09-29 19:54 - 2012-11-13 09:29 - 00022856 ___AH (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 00:20 - 2012-09-30 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120930-012042.backup
2012-09-28 00:20 - 2012-09-29 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120929-012026.backup
2012-09-27 12:26 - 2012-09-27 12:26 - 00001784 ___AH C:\Documents and Settings\All Users\Desktop\Nitro Pro 7.lnk
2012-09-27 12:14 - 2006-07-13 17:38 - 00089536 ___AH C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-27 12:13 - 2005-04-11 09:04 - 00344216 ___AH C:\Windows\System32\FNTCACHE.DAT
2012-09-27 00:21 - 2012-09-28 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120928-012039.backup
2012-09-26 00:21 - 2012-09-27 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120927-012103.backup
2012-09-25 00:20 - 2012-09-26 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120926-012104.backup
2012-09-24 00:18 - 2012-09-25 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120925-012039.backup
2012-09-23 00:19 - 2012-09-24 00:18 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120924-011844.backup
2012-09-22 02:01 - 2012-09-22 02:00 - 00031939 ___AH C:\Windows\KB2744842-IE8.log
2012-09-22 00:21 - 2012-09-23 00:19 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120923-011958.backup
2012-09-21 00:20 - 2012-09-22 00:21 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120922-012146.backup
2012-09-20 00:22 - 2012-09-21 00:20 - 00444362 __RAH C:\Windows\System32\Drivers\etc\hosts.20120921-012020.backup
2012-09-19 14:56 - 2012-09-19 14:56 - 00013815 ___AH C:\Documents and Settings\Administrator\Desktop\Large companies - September 2012 - 50 - 99 employees Revised 9-19-12.xlsx
2012-09-19 01:00 - 2012-09-20 00:21 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120920-012159.backup
2012-09-18 07:51 - 2010-10-12 16:07 - 00002469 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft PowerPoint 2010.lnk
2012-09-18 00:21 - 2012-09-19 01:00 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120919-020037.backup
2012-09-17 00:21 - 2012-09-18 00:21 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120918-012139.backup
2012-09-16 00:22 - 2012-09-17 00:21 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120917-012109.backup
2012-09-15 00:21 - 2012-09-16 00:22 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120916-012205.backup
2012-09-14 00:22 - 2012-09-15 00:21 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120915-012104.backup
2012-09-13 01:00 - 2012-09-14 00:22 - 00444252 __RAH C:\Windows\System32\Drivers\etc\hosts.20120914-012206.backup
2012-09-12 02:05 - 2012-09-12 02:04 - 00006760 ___AH C:\Windows\KB2736233.log
2012-09-12 01:00 - 2012-09-13 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120913-020038.backup
2012-09-11 07:34 - 2007-01-29 03:58 - 00046080 ___AH (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2012-09-11 01:00 - 2012-09-12 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120912-020037.backup
2012-09-10 00:20 - 2012-09-11 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120911-020048.backup
2012-09-09 01:00 - 2012-09-10 00:20 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120910-012015.backup
2012-09-08 00:22 - 2012-09-09 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120909-020039.backup
2012-09-07 01:00 - 2012-09-08 00:22 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120908-012203.backup
2012-09-06 00:21 - 2012-09-07 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120907-020037.backup
2012-09-05 01:00 - 2012-09-06 00:21 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120906-012154.backup
2012-09-04 00:21 - 2012-09-05 01:00 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120905-020038.backup
2012-09-03 00:22 - 2012-09-04 00:21 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120904-012130.backup
2012-09-02 00:22 - 2012-09-03 00:21 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120903-012159.backup
2012-09-01 00:21 - 2012-09-02 00:22 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120902-012201.backup
2012-08-31 00:21 - 2012-09-01 00:21 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120901-012156.backup
2012-08-30 00:22 - 2012-08-31 00:21 - 00444182 __RAH C:\Windows\System32\Drivers\etc\hosts.20120831-012151.backup
2012-08-29 01:00 - 2012-08-30 00:22 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120830-012216.backup
2012-08-28 19:44 - 2007-06-27 09:34 - 11111424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-08-28 19:44 - 2006-11-08 00:03 - 11111424 ___AH (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-28 10:14 - 2012-06-12 15:58 - 00521728 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-08-28 10:14 - 2010-09-21 12:38 - 00743424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-08-28 10:14 - 2010-09-21 12:38 - 00247808 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-08-28 10:14 - 2010-09-21 12:38 - 00012800 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-08-28 10:14 - 2007-06-27 09:34 - 02000384 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-08-28 10:14 - 2007-06-27 09:34 - 00630272 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-08-28 10:14 - 2007-06-27 09:34 - 00055296 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-08-28 10:14 - 2006-11-08 00:03 - 00630272 ___AH (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-28 10:14 - 2006-11-08 00:03 - 00055296 ___AH (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-28 10:14 - 2006-11-07 06:27 - 00387584 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-08-28 10:14 - 2006-10-17 15:05 - 01469440 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-08-28 10:14 - 2006-10-17 15:05 - 00105984 __AHC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-08-28 10:14 - 2006-10-17 15:04 - 00206848 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-08-28 10:14 - 2006-10-17 14:57 - 02000384 ___AH (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-28 10:14 - 2006-05-19 10:08 - 06008832 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-08-28 10:14 - 2006-05-10 00:23 - 01212416 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-08-28 10:14 - 2006-05-10 00:23 - 00916992 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-08-28 10:14 - 2006-05-10 00:23 - 00611840 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-08-28 10:14 - 2006-05-10 00:23 - 00067072 __AHC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-08-28 10:14 - 2006-05-10 00:22 - 00184320 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-08-28 10:14 - 2006-05-10 00:22 - 00025600 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 06008832 ___AH (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 01469440 ____H (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-28 10:14 - 2005-04-11 14:27 - 00611840 ____H (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 00387584 ____H (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 00184320 ___AH (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 00067072 ___AH (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 00043520 __AHC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-08-28 10:14 - 2005-04-11 14:27 - 00043520 ___AH (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-28 10:14 - 2005-04-11 14:26 - 01212416 ___AH (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-28 10:14 - 2005-04-11 14:26 - 00916992 ___AH (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-28 10:14 - 2005-04-11 14:26 - 00105984 ___AH (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-28 10:14 - 2002-06-25 14:20 - 00206848 ____H (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-28 10:14 - 2002-06-25 14:09 - 00025600 ___AH (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-28 10:12 - 2012-08-28 10:12 - 00696520 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-28 10:12 - 2011-09-15 09:00 - 00073416 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-28 07:07 - 2006-11-07 06:26 - 00174080 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-08-28 07:07 - 2006-07-13 17:24 - 00385024 ___AH (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-28 07:07 - 2005-04-11 14:27 - 00174080 ____H (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-28 00:20 - 2012-08-29 01:00 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120829-020037.backup
2012-08-27 00:20 - 2012-08-28 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120828-012029.backup
2012-08-26 00:20 - 2012-08-27 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120827-012040.backup
2012-08-25 00:20 - 2012-08-26 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120826-012023.backup
2012-08-24 08:53 - 2009-12-24 01:59 - 00177664 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-08-24 08:53 - 2002-06-25 14:33 - 00177664 ___AH (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 00:20 - 2012-08-25 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120825-012036.backup
2012-08-23 00:20 - 2012-08-24 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120824-012019.backup
2012-08-22 00:20 - 2012-08-23 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120823-012018.backup
2012-08-21 08:33 - 2008-10-24 08:16 - 02148864 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-08-21 08:33 - 2002-06-25 14:19 - 02148864 ___AH (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-21 08:29 - 2008-10-24 08:16 - 02192896 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-08-21 07:58 - 2008-10-24 08:16 - 02069632 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-08-21 07:58 - 2008-10-24 08:16 - 02027520 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-08-21 07:58 - 2002-06-25 14:19 - 02027520 ___AH (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-21 00:20 - 2012-08-22 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120822-012019.backup
2012-08-20 00:20 - 2012-08-21 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120821-012032.backup
2012-08-19 00:20 - 2012-08-20 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120820-012041.backup
2012-08-18 00:21 - 2012-08-19 00:20 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120819-012057.backup
2012-08-17 00:22 - 2012-08-18 00:21 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120818-012116.backup
2012-08-16 10:45 - 2012-08-16 10:45 - 00008192 __ASH C:\Documents and Settings\Administrator\Desktop\Thumbs.db
2012-08-16 02:11 - 2012-08-16 02:11 - 00015427 ___AH C:\Windows\KB2731847.log
2012-08-16 02:11 - 2012-08-15 15:21 - 00021569 ___AH C:\Windows\KB2712808.log
2012-08-16 02:07 - 2012-08-15 15:21 - 00021723 ___AH C:\Windows\KB2705219.log
2012-08-16 02:06 - 2012-08-16 02:06 - 00014033 ___AH C:\Windows\KB2723135.log
2012-08-16 02:02 - 2012-08-16 02:01 - 00030726 ___AH C:\Windows\KB2722913-IE8.log
2012-08-16 01:00 - 2012-08-17 00:22 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20120817-012237.backup

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-11-12 03:36 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP881

RP: -> 2012-11-11 03:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP880

RP: -> 2012-11-10 02:38 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP879

RP: -> 2012-11-09 01:58 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP878

RP: -> 2012-11-08 17:07 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP877

RP: -> 2012-11-07 16:08 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP876

RP: -> 2012-11-07 02:39 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP875

RP: -> 2012-11-06 01:57 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP874

RP: -> 2012-11-05 04:15 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP873

RP: -> 2012-11-04 02:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP872

RP: -> 2012-11-03 01:15 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP871

RP: -> 2012-11-02 00:57 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP870

RP: -> 2012-11-01 15:13 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP869

RP: -> 2012-10-31 11:21 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP868

RP: -> 2012-10-30 09:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP867

RP: -> 2012-10-26 12:36 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP866

RP: -> 2012-10-26 07:48 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP865

RP: -> 2012-10-25 07:29 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP864

RP: -> 2012-10-24 07:26 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP863

RP: -> 2012-10-23 06:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP862

RP: -> 2012-10-22 06:05 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP861

RP: -> 2012-10-21 04:29 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP860

RP: -> 2012-10-20 01:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP859

RP: -> 2012-10-19 00:51 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP858

RP: -> 2012-10-18 19:17 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP857

RP: -> 2012-10-17 17:42 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP856

RP: -> 2012-10-17 04:41 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP855

RP: -> 2012-10-16 03:41 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP854

RP: -> 2012-10-15 02:35 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP853

RP: -> 2012-10-14 02:29 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP852

RP: -> 2012-10-13 01:41 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP851

RP: -> 2012-10-12 00:50 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP850

RP: -> 2012-10-11 02:00 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP849

RP: -> 2012-10-10 02:13 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP848


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2038.07 MB
Available physical RAM: 1751.53 MB
Total Pagefile: 1868.77 MB
Available Pagefile: 1796.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:74.5 GB) (Free:38.32 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (TOUGHDRIVE) (Removable) (Total:1.87 GB) (Free:1.7 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

=========================================================
==================== End Of Log ============================

ListPart

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 13-11-2012 at 10:41:40
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 2038.07 MB
Available physical RAM: 1810.17 MB
Total Pagefile: 1868.77 MB
Available Pagefile: 1798.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:74.5 GB) (Free:38.32 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (TOUGHDRIVE) (Removable) (Total:1.87 GB) (Free:1.7 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 32 KB
Partition 2 Unknown 9 MB 74 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Partition 9 MB Healthy
======================================================================================================

****** End Of Log ******

Thanks!

Sally W
  • 0

Advertisements


#2
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
just attaching files

Attached Files


  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi dere :wave:

OK you do have a bad partition, we will clear that first using list parts and then remove the malware run keys using FRST
I see that you have run RogueKiller did you run the shortcut fix ?


OK restarting as previous download the following fix.txt to the same USB as list parts

Run Listparts and select Fix


Once that has completed
Download fixlist.txt to the same USB as FRST

Run FRST and press Fix

Once done reboot to normal windows and run RogueKiller once more

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#4
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
roguekiller reports
#1 was the report from the time i first ran program. it was hidden :)

Attached Files


  • 0

#5
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I decided to uninstall PC Cleaners while waiting for the next step. That was apparently a mistake because now I boot, Windows XP loads and then stops with a blue screen and a mouse pointer.

I ran in safemode and discovered that no restore point has been created today. I would have thought a restore point was created during one of the processes. but perhaps not.

thx,
Sally
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Sal what I would suggest is that you restore to the latest restore point, this will restore the malware but not the MBR partition
So once you have restored go to safe mode and run RogueKiller three times.. Scan..Delete .. Fix shortcuts

Or from safe mode run MSConfig and select clean boot. This will stop the driver causing the blue screen from loading. We can then run OTL and remove the miscreant

Step 1: Start the System Configuration Utility

1.Click Start, click Run, type msconfig, and then click OK.
2.The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

1.In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2.Click to clear the Process SYSTEM.INI File check box.
3.Click to clear the Process WIN.INI File check box.
4.Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5.Click the Services tab.
6.Click to select the Hide All Microsoft Services check box.
7.Click Disable All, and then click OK.
8.When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

1.If you are prompted, log on to Windows.
2.When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

Notes?

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Tick do not show this again .


THEN

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#7
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
uploading files from otl run
Sally

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2012/04/12 15:32:08 | 000,201,576 | ---- | M] (Vertro Inc.) [Disabled | Stopped] -- C:\Documents and Settings\Administrator\Application Data\alotservice\alotservice.exe -- (AlotService)
SRV - [2010/08/30 02:35:20 | 000,016,776 | -H-- | M] () [Disabled | Stopped] -- C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe -- (atnthost)
IE - HKU\S-1-5-21-2358315832-351749593-787360149-500\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=25FFE1B001CD27B668DE8598&install_time=2012-05-01T16:19:17Z&src_id=30046&camp_id=3324&tb_version=1.2.0002.2(B)
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0
[2012/09/24 09:12:10 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q7bullxk.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKU\S-1-5-21-2358315832-351749593-787360149-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
[2012/11/12 15:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\File Restore
[2012/11/12 15:27:33 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/11/12 15:27:33 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk

:Files
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
still not booting. will apply the fix. am assuming that i need to still be in selective start mode.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, so even in selective start it fails to boot

Was it the PCTools firewall that was removed
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter

This may be the cause, most are network related so a bad uninstall of the firewall may have caused that

Mayhap a restore is called for here and we will just re-kill the malware
  • 0

#12
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
it's loading with selective. i'm attaching the otl.txt file.

Attached Files

  • Attached File  OTL.Txt   83.43KB   169 downloads

  • 0

#13
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
it also looks as if the ALOT program has been removed.
  • 0

#14
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
just rebooted with normal boot. no blue screen. normal programs appearing. ALOT is no longer listed among the services
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So full functionality with a selective start

Could you now re-enable half of the disabled services and see if it still boots... We need to determine which service is preventing the boot. Unfortunately this will be a trial and error process
If the first half enabled allow a boot then re-enable half of the remainder
Once the service that is blocking the start is determined then we can work from there

Apart from the boot problem are there any other apparent issues ?

If the A lot bar is required, although it does take up internet speed and bandwidth then I will return that for you
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP