WARNING! YOU'RE IN DANGER!

Post by hillb2 on Sun 06 Mar 2011, 2:28 am

I have this wallpaper virus and it will not let me open any files or open anything - can't download OTL.
UPDATE - I just tried doing this in the Safe Mode and here is what I got - 1st section of OTL.txt

OTL logfile created on: 3/5/2011 10:42:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Marshall\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 816 1632 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 86.21 Gb Free Space | 37.79% Space Free | Partition Type: NTFS
Drive D: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.
Drive J: | 14.94 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: FAT32

Computer Name: MARSHHOME | User Name: Marshall | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/05 09:02:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL.com
PRC - [2009/04/13 13:18:48 | 007,190,637 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/05 09:02:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ufbkavct)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:35 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys)
SRV - [2007/06/29 17:54:16 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/27 17:12:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/26 01:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/06/12 11:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 03:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/09 19:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/01 15:24:02 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/01/01 15:21:47 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/11/08 11:55:24 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2005/02/25 01:20:02 | 000,375,936 | ---- | M] (Emuzed, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Angel.sys -- (Angel)
DRV - [2004/08/24 11:52:42 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/28 13:46:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D20C9907-5C0A-480F-AB9D-650B22FE0874}: C:\Documents and Settings\Marshall\Local Settings\Application Data\{D20C9907-5C0A-480F-AB9D-650B22FE0874} [2011/01/29 10:53:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/05 08:25:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2010/12/13 18:05:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2010/12/13 18:05:14 | 000,000,000 | ---D | M]

[2009/04/07 16:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Extensions
[2011/03/05 08:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions
[2011/03/05 08:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/07 23:25:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/02/07 23:25:57 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/02/11 14:41:27 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions\ChoiceGuard@Microsoft
[2011/03/05 08:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/12 10:11:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/13 13:18:53 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/04/13 13:18:39 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/04/13 13:18:39 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/04/13 13:18:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2009/04/07 16:46:18 | 003,771,296 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/04/13 13:18:52 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2009/04/13 13:18:52 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2009/04/13 13:18:52 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2009/04/13 13:18:52 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2008/07/17 16:20:18 | 000,000,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ask.gif
[2009/04/07 16:41:09 | 000,000,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ask.src
[2009/04/13 13:18:52 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2009/04/13 13:18:52 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2009/04/13 13:18:52 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2009/04/13 13:18:52 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2009/04/13 13:18:52 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2009/04/13 13:18:52 | 000,000,733 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2010/11/26 09:42:40 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2009/04/13 13:18:52 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2009/04/13 13:18:52 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2010/12/01 11:33:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Xdabihebajog] C:\WINDOWS\unicuhuhoneniqe.dll (CyberLink Corp.)
O4 - HKCU..\Run: [Mnivozisij] C:\WINDOWS\gatrcosx.dll ()
O4 - HKCU..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe ()
O4 - HKCU..\RunOnce: [eIpLgDk06300] C:\Documents and Settings\All Users\Application Data\eIpLgDk06300\eIpLgDk06300.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} [You must be registered and logged in to see this link.] (SOE Web Installer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} [You must be registered and logged in to see this link.] (SonyOnlineInstallerX)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} [You must be registered and logged in to see this link.] (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} [You must be registered and logged in to see this link.] (ZtServiceManager Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} [You must be registered and logged in to see this link.] (FujifilmUploader Class)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} [You must be registered and logged in to see this link.] (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/10/07 00:58:56 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2006/11/05 17:08:40 | 000,000,354 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/21 02:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 04:12:50 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "sprtsvc_dellsupportcenter"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NetSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "IJPLMSVC"
MsConfig - Services: "IDriverT"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdate1c9652933ff0dac"
MsConfig - Services: "DTSRVC"
MsConfig - Services: "DSBrokerService"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "CLTNetCnService"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "McTaskManager"
MsConfig - Services: "McShield"
MsConfig - Services: "McAfeeFramework"
MsConfig - Services: "ATI Smart"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "idsvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IM-me.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Marshall^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CTDVDDET - hkey= - key= - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTHelper - hkey= - key= - File not found
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: DT HPW - hkey= - key= - C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Lamp - hkey= - key= - C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MimBoot - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - Q867282
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - Q890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - IEJAVA
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {12e9e220-7101-11d3-824e-0000f80697e6} - Windows 98 Second Edition Q238453 Update
ActiveX: {14e380f0-c285-4faf-bbd9-29efec36d1af} - Windows 98 Q323172 Update
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 7.0.0
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2806b4d1-cadf-4568-99df-1c8836a6b4bc} - Windows 98 Q823559 Update
ActiveX: {280ad020-daec-11d2-83c7-0000f8051539} - Mobile processor update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2cd1b477-8d46-4b86-b7dc-13fb65fb5914} - Windows 98 KB891711 Update
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {3091dfdd-1894-477d-97c1-379f6b2636ac} - Windows 98 Q890175 Update
ActiveX: {32b1db33-27b9-43b7-8904-d5352decc292} - Windows 98 KB891711 Update
ActiveX: {34718640-ecfa-11d2-b5da-00a0c90833e8} - Windows 98 Second Edition
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38c91f78-0b74-451c-bcc5-95e5b3131849} - Q891781
ActiveX: {3a753dda-02a0-4834-b37c-9d3470a556ce} - Windows 98 Q888113 Update
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C30259F-BF13-49d0-B002-19EBFC785800} - Windows 98 Q323255 Update
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015C} - NetMeeting
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015D} - DirectX Layer
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47f67d00-9e55-11d1-baef-00c04fc2d130} - AOL Support Files
ActiveX: {4ed033a1-6334-4415-9089-bcabcc0b32f5} - Windows 98 Second Edition Q256015 Update
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {50daafc0-e217-11d2-83c7-0000f8051539} - Continuous windows operation fix
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76C19B50-F0C8-11cf-87CC-0020AFEECF20} - Language Auto-Selection
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {804e2aa0-a9e4-4aa4-877b-f9e2c125e043} - Windows 98 Second Edition Q273991 Update
ActiveX: {893c7200-9dd-11d2-b0d6-00c04f777f0c} - Microsoft Libraries update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4395} - rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\system32\ie4uinit.inf,Shell.UserStub,,36
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9664fac0-26c5-11d4-a58a-00902766e933} - Windows 98 Second Edition Q259728 Update
ActiveX: {9a2e4ab0-9a7e-11d2-9da1-00c04f98bbc9} - Windows Media Player Codecs
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - C:\WINDOWS\system32\updcrl.exe -e -u C:\WINDOWS\system32\verisignpub1.crl
ActiveX: {b2bd81e0-979d-11d3-8000-0090276c5e3a} - Windows 98 Q245729 Update
ActiveX: {b59c7da0-daea-11d2-83c7-0000f8051539} - Registration wizard update
ActiveX: {b6e23809-caf7-4c8f-93f8-5f40dfabaaa1} - Windows 98 Q329115 Update
ActiveX: {B9A1063C-F9CC-11D1-8E01-0020AFE53FCF} - Active accessibility update
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C6EE82B1-BF65-4e0a-912E-A7B3BBA31F51} - Windows 98 Q811630 Update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA0A4247-44BE-11d1-A005-00805F8ABE06} - RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {ce195cf6-3b36-4ffa-8df4-91a0f7ef577d} - Windows 98 Q840315 Update
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5925FA0-73D1-11D2-BCC5-0000F83002C6} - Windows 98 Year 2000 Update
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >PerUser_MSN_Clean - C:\WINDOWS\msnmgsr1.exe
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
ActiveX: PerUser_LinkBar_URLs - C:\WINDOWS\COMMAND\sulfnbk.exe /L

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 10:37:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(4).com
[2011/03/05 10:11:45 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/05 09:06:51 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(3).com
[2011/03/05 09:02:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(2).com
[2011/03/05 09:02:08 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL.com
[2011/03/04 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eIpLgDk06300
[2011/02/22 11:03:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/04 16:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\Comp Apps 2
[2005/12/01 12:12:47 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/12/01 12:12:47 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[5 C:\*.tmp files -> C:\*.tmp -> ]
[290 C:\Documents and Settings\Marshall\My Documents\*.tmp files -> C:\Documents and Settings\Marshall\My Documents\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Marshall\Desktop\*.tmp files -> C:\Documents and Settings\Marshall\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 10:37:17 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(4).com
[2011/03/05 10:35:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/05 10:34:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 10:33:26 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/03/05 10:33:26 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/03/05 10:33:26 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/03/05 10:33:26 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/03/05 10:33:26 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx
[2011/03/05 10:32:43 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vqukupalirikijir.dat
[2011/03/05 10:32:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 10:30:00 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EF6D11C-D921-4040-A5C9-ECD769239F67}.job
[2011/03/05 09:29:15 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/05 09:06:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(3).com
[2011/03/05 09:02:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL(2).com
[2011/03/05 09:02:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marshall\Desktop\OTL.com
[2011/03/05 08:26:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mjixerewerilupav.bin
[2011/03/05 07:57:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 07:41:57 | 000,000,063 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/03 07:41:57 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/02 02:58:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/27 11:52:17 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2011/02/26 19:59:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/23 16:19:45 | 000,010,674 | ---- | M] () -- C:\Documents and Settings\Marshall\Desktop\Zombatar_18.jpg
[2011/02/22 11:03:41 | 000,002,150 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2011/02/22 10:51:57 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2011/02/12 12:19:40 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2011/02/09 12:29:03 | 000,450,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 12:11:20 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/06 13:59:06 | 000,010,040 | ---- | M] () -- C:\Documents and Settings\Marshall\Desktop\Zombatar_2.jpg
[2011/02/04 16:56:44 | 000,007,503 | ---- | M] () -- C:\Documents and Settings\Marshall\My Documents\art.htm
[2011/02/03 19:18:54 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Master Key User Options
[2011/02/03 19:18:53 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Master Key History
[2011/02/03 19:16:35 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/02/03 19:16:35 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\Marshall\Desktop\LEGO Digital Designer.lnk
[5 C:\*.tmp files -> C:\*.tmp -> ]
[290 C:\Documents and Settings\Marshall\My Documents\*.tmp files -> C:\Documents and Settings\Marshall\My Documents\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Marshall\Desktop\*.tmp files -> C:\Documents and Settings\Marshall\Desktop\*.tmp -> ]



2nd section

Post by hillb2 on Sun 06 Mar 2011, 3:41 am

========== Files Created - No Company Name ==========

[2011/03/05 08:56:35 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/27 11:52:12 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Ambitions.lnk
[2011/02/23 16:19:45 | 000,010,674 | ---- | C] () -- C:\Documents and Settings\Marshall\Desktop\Zombatar_18.jpg
[2011/02/22 11:03:41 | 000,002,150 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2011/02/22 10:51:57 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2011/02/04 16:56:43 | 000,007,503 | ---- | C] () -- C:\Documents and Settings\Marshall\My Documents\art.htm
[2011/02/04 16:49:54 | 002,099,672 | ---- | C] () -- C:\Documents and Settings\Marshall\My Documents\I Vampiri.jpg
[2011/02/03 19:16:35 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/02/03 19:16:35 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\Marshall\Desktop\LEGO Digital Designer.lnk
[2011/01/27 22:04:26 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Master Key History
[2011/01/27 22:04:26 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Master Key User Options
[2010/12/09 20:28:27 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/12/09 20:28:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/01 11:15:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/01 11:15:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/01 11:15:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/01 11:15:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/01 11:15:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/23 20:30:21 | 000,008,262 | ---- | C] () -- C:\WINDOWS\System32\e659parse889z.bin
[2009/11/15 15:22:45 | 000,006,676 | ---- | C] () -- C:\WINDOWS\System32\91536zpy3ef.dll
[2009/10/26 09:59:43 | 000,007,899 | ---- | C] () -- C:\WINDOWS\System32\z0583s5am9ot720.exe
[2009/09/15 02:52:41 | 000,017,149 | ---- | C] () -- C:\WINDOWS\System32\z8606vir95754.bin
[2009/08/16 07:44:51 | 000,004,507 | ---- | C] () -- C:\WINDOWS\System32\e0195r2z91.bin
[2009/08/15 20:48:06 | 000,007,707 | ---- | C] () -- C:\WINDOWS\System32\94downzoa5er613.dll
[2009/08/14 12:57:52 | 000,016,035 | ---- | C] () -- C:\WINDOWS\System32\z11939py6e5.dll
[2009/08/14 12:57:52 | 000,010,943 | ---- | C] () -- C:\WINDOWS\System32\97c0thief2z85.exe
[2009/08/14 12:57:52 | 000,007,051 | ---- | C] () -- C:\WINDOWS\System32\z6281worm975.bin
[2009/08/14 12:57:51 | 000,018,185 | ---- | C] () -- C:\WINDOWS\System32\92c6downl5adez1638.dll
[2009/08/14 12:57:51 | 000,018,120 | ---- | C] () -- C:\WINDOWS\System32\c58spy5are2z59.exe
[2009/08/14 12:57:51 | 000,016,318 | ---- | C] () -- C:\WINDOWS\System32\z9aa5hreat19868.bin
[2009/08/14 12:57:51 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\74dzb9ckdoor5702.dll
[2009/08/14 12:57:51 | 000,013,233 | ---- | C] () -- C:\WINDOWS\System32\964viz5238.dll
[2009/08/14 12:57:51 | 000,009,786 | ---- | C] () -- C:\WINDOWS\System32\9190zo9m5c9.bin
[2009/08/14 12:57:51 | 000,009,688 | ---- | C] () -- C:\WINDOWS\System32\z69not9a-viru57ec.exe
[2009/08/14 12:57:51 | 000,008,532 | ---- | C] () -- C:\WINDOWS\System32\9e9bbackdoor18z25.dll
[2009/08/14 12:57:51 | 000,008,521 | ---- | C] () -- C:\WINDOWS\System32\a439za5se3249.bin
[2009/08/14 12:57:51 | 000,004,056 | ---- | C] () -- C:\WINDOWS\System32\6z94spar5e796.bin
[2009/08/13 20:38:00 | 000,003,241 | ---- | C] () -- C:\WINDOWS\th1234.dat
[2009/08/10 11:21:02 | 000,008,637 | ---- | C] () -- C:\WINDOWS\System32\7814h5cktoolz59.dll
[2009/08/09 12:27:46 | 000,016,510 | ---- | C] () -- C:\WINDOWS\System32\7z25stea9323.bin
[2009/08/01 22:29:08 | 000,008,753 | ---- | C] () -- C:\WINDOWS\System32\7659viru9z1c.dll
[2009/07/14 04:25:46 | 000,006,098 | ---- | C] () -- C:\WINDOWS\System32\z179ack5oor2380.bin
[2009/06/24 21:06:54 | 000,006,298 | ---- | C] () -- C:\WINDOWS\System32\z2286vir9s515.dll
[2009/06/20 23:27:54 | 000,004,787 | ---- | C] () -- C:\WINDOWS\System32\7247downlozder5009.dll
[2009/06/05 13:47:15 | 000,013,754 | ---- | C] () -- C:\WINDOWS\System32\99c7s5ezl1648.exe
[2009/06/02 02:14:11 | 000,016,796 | ---- | C] () -- C:\WINDOWS\System32\9c65zhreat4494.bin
[2009/04/20 15:01:12 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2009/04/17 10:51:43 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2009/04/17 10:33:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/04/17 10:26:06 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/13 10:04:12 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/04/08 06:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mjixerewerilupav.bin
[2009/04/08 06:35:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vqukupalirikijir.dat
[2009/03/20 20:27:41 | 000,011,491 | ---- | C] () -- C:\WINDOWS\System32\z3ffste592705.dll
[2009/02/19 18:52:30 | 000,004,932 | ---- | C] () -- C:\WINDOWS\System32\7701viz29625.exe
[2009/02/05 23:40:30 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\99443w5rz797.bin
[2009/01/22 11:43:07 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\7a1bs5ywar9251z.bin
[2009/01/16 12:30:40 | 000,004,698 | ---- | C] () -- C:\WINDOWS\System32\7752vzrus3a9.bin
[2009/01/08 00:48:06 | 000,015,908 | ---- | C] () -- C:\WINDOWS\System32\z36aste5l994.dll
[2009/01/05 12:34:37 | 000,011,133 | ---- | C] () -- C:\WINDOWS\System32\z4d9s5yware2570.bin
[2008/12/24 18:31:23 | 000,016,326 | ---- | C] () -- C:\WINDOWS\System32\7499t5zef3107.dll
[2008/12/20 16:16:34 | 000,010,477 | ---- | C] () -- C:\WINDOWS\System32\7z57w9rm554.dll
[2008/10/28 17:39:40 | 000,009,302 | ---- | C] () -- C:\WINDOWS\System32\7b3zthr5at17982.dll
[2008/10/07 12:31:38 | 000,013,575 | ---- | C] () -- C:\WINDOWS\System32\z598spy9ar51158.dll
[2008/07/17 05:39:04 | 000,014,118 | ---- | C] () -- C:\WINDOWS\System32\b75thiefz579.exe
[2008/06/17 19:28:57 | 000,016,392 | ---- | C] () -- C:\WINDOWS\System32\9b55szeal77.exe
[2008/06/03 14:10:12 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\z959thi9f786.bin
[2008/05/13 08:07:35 | 000,011,747 | ---- | C] () -- C:\WINDOWS\System32\9959vir1z54.dll
[2008/04/04 23:13:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/04/04 06:30:05 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\z9cev5r1560.dll
[2008/03/26 08:43:03 | 000,014,534 | ---- | C] () -- C:\WINDOWS\System32\7cecdownloazer9659.exe
[2008/03/07 23:45:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpsjbmgr.ini
[2008/02/27 10:09:39 | 000,015,185 | ---- | C] () -- C:\WINDOWS\System32\z88959roj60b5.bin
[2008/02/19 06:05:48 | 000,005,703 | ---- | C] () -- C:\WINDOWS\System32\7757ba9kdozr815.dll
[2008/02/15 09:52:41 | 000,003,236 | ---- | C] () -- C:\WINDOWS\System32\z0172not-a9vir5s1ea.exe
[2008/02/04 20:42:54 | 000,000,928 | ---- | C] () -- C:\WINDOWS\System32\hpsj1695.dll
[2008/01/27 12:08:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2008/01/13 01:32:40 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\z937spyware450.exe
[2008/01/05 04:41:03 | 000,005,072 | ---- | C] () -- C:\WINDOWS\System32\94z015irus2be.bin
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/12 22:23:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/24 18:04:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/12 10:11:33 | 000,004,078 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/05 19:27:59 | 000,041,973 | ---- | C] () -- C:\WINDOWS\WININIT.EXE
[2006/11/05 19:27:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\VCMUI.EXE
[2006/11/05 19:26:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UPWIZUN.EXE
[2006/11/05 19:25:51 | 000,045,379 | ---- | C] () -- C:\WINDOWS\SMARTDRV.EXE
[2006/11/05 19:25:50 | 000,018,939 | ---- | C] () -- C:\WINDOWS\SETVER.EXE
[2006/11/05 19:25:49 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/11/05 19:25:47 | 000,012,663 | ---- | C] () -- C:\WINDOWS\RAMDRIVE.SYS
[2006/11/05 19:25:46 | 000,000,182 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/11/05 19:25:45 | 000,000,270 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/11/05 19:25:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PIDSET.EXE
[2006/11/05 19:25:40 | 000,027,616 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2006/11/05 19:23:09 | 000,122,936 | ---- | C] () -- C:\WINDOWS\MSOWS409.DLL
[2006/11/05 19:23:09 | 000,034,543 | ---- | C] () -- C:\WINDOWS\NBTSTAT.EXE
[2006/11/05 19:23:09 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/11/05 19:23:08 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
[2006/11/05 19:23:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MM2ENT.EXE
[2006/11/05 19:22:53 | 000,129,080 | ---- | C] () -- C:\WINDOWS\LOGOW.SYS
[2006/11/05 19:22:53 | 000,129,078 | ---- | C] () -- C:\WINDOWS\LOGOS.SYS
[2006/11/05 19:22:51 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/11/05 19:22:51 | 000,003,708 | ---- | C] () -- C:\WINDOWS\IFSHLP.SYS
[2006/11/05 19:22:50 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/11/05 19:22:49 | 000,033,191 | ---- | C] () -- C:\WINDOWS\HIMEM.SYS
[2006/11/05 19:22:47 | 000,125,495 | ---- | C] () -- C:\WINDOWS\EMM386.EXE
[2006/11/05 19:22:45 | 000,089,147 | ---- | C] () -- C:\WINDOWS\DOSREP.EXE
[2006/11/05 19:22:45 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/11/05 19:22:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\desinst32.exe
[2006/11/05 19:22:43 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/11/05 19:22:42 | 000,002,614 | ---- | C] () -- C:\WINDOWS\DBLBUFF.SYS
[2006/11/05 19:22:36 | 000,024,626 | ---- | C] () -- C:\WINDOWS\CMD640X.SYS
[2006/11/05 19:22:36 | 000,020,901 | ---- | C] () -- C:\WINDOWS\CMD640X2.SYS
[2006/11/05 19:22:12 | 000,001,105 | ---- | C] () -- C:\WINDOWS\ASPI2HLP.SYS
[2006/11/05 18:01:21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2006/11/05 18:01:12 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\WINALI.INI
[2006/11/05 18:01:12 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\WINALX.INI
[2006/11/05 18:00:58 | 000,056,057 | ---- | C] () -- C:\WINDOWS\System32\UNICODE.BIN
[2006/11/05 18:00:56 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\tips.dll
[2006/11/05 18:00:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SUCATREG.EXE
[2006/11/05 18:00:39 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\REBOOT.COM
[2006/11/05 18:00:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2006/11/05 18:00:14 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\mswheel.exe
[2006/11/05 18:00:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\mswheel.dll
[2006/11/05 18:00:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll
[2006/11/05 17:59:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2006/11/05 17:59:34 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\IMGST_TR.INI
[2006/11/05 17:59:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\IMGSTART.INI
[2006/11/05 17:59:31 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2006/11/05 17:59:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2006/11/05 17:59:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL
[2006/11/05 17:59:02 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2006/11/05 17:58:25 | 000,014,696 | ---- | C] () -- C:\WINDOWS\System32\CONAGENT.EXE
[2006/11/05 17:58:24 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll
[2006/11/05 17:58:22 | 000,010,208 | ---- | C] () -- C:\WINDOWS\System32\BVRPWFU.drv
[2006/11/05 17:39:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/11/05 17:39:11 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/11/05 17:11:22 | 000,000,109 | ---- | C] () -- C:\WINDOWS\au30dos.ini
[2006/10/23 12:21:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/31 00:11:08 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/23 00:34:17 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\PFP120JPR.{PB
[2006/08/23 00:34:17 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\PFP120JCM.{PB
[2006/06/01 17:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/15 17:04:55 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/05/03 00:39:35 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/21 21:00:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/04/21 20:24:31 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2006/03/23 21:19:53 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2006/02/17 21:09:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/01/21 20:58:09 | 000,001,150 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2006/01/07 15:51:42 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/01/05 01:44:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/01/01 15:21:47 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9533.sys
[2005/12/31 14:50:18 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\B6D2BA2A5F.sys
[2005/12/29 01:53:57 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/29 01:31:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 05:08:55 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/27 04:47:06 | 000,142,780 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\imageCache7.db
[2005/12/26 18:32:36 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\fusioncache.dat
[2005/12/01 12:27:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/01 12:25:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat
[2005/12/01 12:25:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat
[2005/12/01 12:22:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/01 12:18:57 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/01 12:16:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/01 12:13:13 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/12/01 12:13:11 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/12/01 12:13:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/12/01 12:12:48 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/12/01 12:12:48 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/12/01 12:12:48 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/12/01 12:12:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/01 12:12:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/12/01 12:12:47 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2005/12/01 12:12:47 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/12/01 12:12:24 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/12/01 11:48:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/12/01 11:48:34 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/12/01 11:48:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/01 11:48:26 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/01 11:48:24 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/12/01 11:48:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/12/01 11:47:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 22:00:28 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\pdbrowse.dll
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,450,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\gatrcosx.dll
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,435,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,068,214 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:30 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\baxameqn.dat
[2005/08/16 05:18:30 | 000,633,600 | ---- | C] () -- C:\WINDOWS\System32\xvvhatdj.dat
[2005/08/16 05:18:30 | 000,218,880 | ---- | C] () -- C:\WINDOWS\System32\hniirpap.dat
[2005/08/16 05:18:30 | 000,045,824 | ---- | C] () -- C:\WINDOWS\System32\ikpbwaox.dat
[2005/08/16 05:18:30 | 000,037,120 | ---- | C] () -- C:\WINDOWS\System32\isinxpcv.dat
[2005/08/16 05:18:30 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\nyvdcioo.dat
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/05/13 22:07:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/05/13 22:07:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/11/28 18:40:23 | 000,000,080 | ---- | C] () -- C:\WINDOWS\POOHRFMD.INI
[2004/11/25 21:49:43 | 000,000,428 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2004/08/28 18:07:55 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/07/12 13:25:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2004/07/08 15:05:15 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/07/08 15:05:15 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/07/08 15:05:14 | 000,025,600 | ---- | C] () -- C:\WINDOWS\MEMBOOT.DLL
[2004/07/08 14:58:01 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/07/08 13:42:02 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2004/07/08 12:13:47 | 000,006,140 | ---- | C] () -- C:\WINDOWS\NDISHLP.SYS
[2004/07/08 12:13:46 | 000,014,952 | ---- | C] () -- C:\WINDOWS\PROTMAN.EXE
[2004/07/08 12:10:21 | 000,004,809 | ---- | C] () -- C:\WINDOWS\System32\LMSCRIPT.EXE
[2004/07/08 12:00:39 | 000,132,064 | ---- | C] () -- C:\WINDOWS\System32\WMPASS.DLL
[2004/07/08 11:57:41 | 000,462,880 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2004/07/08 11:55:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/07/08 11:55:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\MOUSEDRV.INI
[2004/05/27 17:37:31 | 000,000,245 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/02/17 16:38:00 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/01/31 17:22:37 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/01/31 17:19:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2003/08/02 22:01:21 | 000,094,304 | ---- | C] () -- C:\WINDOWS\System32\hpz9xd04.drv
[2003/07/30 22:00:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hppstats.ini
[2003/04/08 20:27:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2003/03/12 19:59:50 | 000,000,567 | ---- | C] () -- C:\WINDOWS\WM8.INI
[2003/02/02 15:01:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\NuNInst.exe
[2003/01/30 18:54:36 | 000,037,362 | ---- | C] () -- C:\WINDOWS\System32\hph1115.dat
[2003/01/30 18:54:32 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\hphuci03.dll
[2003/01/30 18:54:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 18:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/25 19:11:14 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\QuickBooks Templates.lnk
[2003/01/20 13:43:35 | 000,000,333 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2003/01/20 13:43:24 | 000,000,270 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2003/01/20 13:42:39 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2003/01/20 13:42:31 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini
[2003/01/20 13:42:29 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/01/20 13:42:29 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/01/20 13:41:48 | 000,004,000 | ---- | C] () -- C:\WINDOWS\System32\hppfxdrv.drv
[2003/01/20 13:41:41 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/13 23:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AS32CHASSIS.INI
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/29 23:23:00 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2002/12/28 15:18:35 | 000,000,249 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/12/28 14:46:09 | 000,000,762 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/05/23 22:18:28 | 000,265,902 | ---- | C] () -- C:\WINDOWS\Aolunins.exe
[2002/04/22 17:24:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\PLUGIN~1.EXE
[2002/04/20 22:53:06 | 000,000,081 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI
[2002/04/20 22:07:40 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2002/04/20 22:04:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2002/04/20 21:09:14 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2002/04/20 21:09:13 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2002/03/14 20:36:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\ARIEL_SS.INI
[2001/04/15 09:18:56 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2001/03/29 16:10:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2001/03/29 16:10:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
[2001/03/02 20:55:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2001/02/05 20:18:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2001/02/05 16:58:39 | 000,150,016 | ---- | C] () -- C:\WINDOWS\crlasp95.dll
[2001/02/05 16:47:56 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpoj_reg.ini
[2000/10/30 12:51:47 | 000,000,280 | ---- | C] () -- C:\WINDOWS\sizzle.ini
[2000/10/20 13:25:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2000/08/05 11:12:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Toyland.ini
[2000/05/03 23:37:23 | 000,000,132 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2000/05/03 23:23:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2000/05/03 23:22:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2000/05/03 23:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2000/05/03 23:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2000/05/03 23:17:35 | 000,000,904 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2000/05/03 23:17:34 | 000,000,811 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2000/05/03 23:17:32 | 000,006,838 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2000/04/08 11:46:39 | 000,000,418 | ---- | C] () -- C:\WINDOWS\dlcs.INI
[2000/01/17 00:43:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2000/01/16 23:55:49 | 000,000,512 | ---- | C] () -- C:\WINDOWS\randseed.bin
[2000/01/10 18:10:22 | 000,000,305 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2000/01/10 18:07:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[1999/12/01 20:55:15 | 000,008,766 | ---- | C] () -- C:\WINDOWS\hh.dat
[1999/11/25 19:12:00 | 000,001,952 | ---- | C] () -- C:\WINDOWS\System32\aolndi.dll
[1999/11/24 13:16:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFRIEND.INI
[1999/10/22 10:34:11 | 000,000,527 | ---- | C] () -- C:\WINDOWS\hegames.ini
[1999/10/22 09:50:14 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1999/10/21 01:20:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[1999/10/20 23:37:39 | 000,002,164 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[1999/10/20 23:30:39 | 000,008,359 | ---- | C] () -- C:\WINDOWS\disney.ini
[1999/10/07 01:06:44 | 000,000,157 | ---- | C] () -- C:\WINDOWS\AudioMix.ini
[1999/10/07 01:06:24 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\inetwh16.dll
[1999/10/07 01:06:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\setbrows.exe
[1999/10/07 01:06:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vtdg8830.dll
[1999/10/07 01:06:20 | 000,000,336 | ---- | C] () -- C:\WINDOWS\Vtray.ini
[1999/10/07 00:56:43 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[1999/10/07 00:55:38 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[1999/10/07 00:53:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\9770P.INI
[1999/10/07 00:52:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[1999/10/07 00:52:38 | 000,139,264 | ---- | C] () -- C:\WINDOWS\DVDPLAY.EXE
[1999/10/07 00:52:02 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\MFNDFILE.EXE
[1999/10/07 00:52:02 | 000,079,375 | ---- | C] () -- C:\WINDOWS\System32\OSR2GLUE.EXE
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/08/13 23:25:42 | 000,053,039 | ---- | C] () -- C:\WINDOWS\System32\EXTRACT.EXE

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 05:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/05/30 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9D.DLL
[2008/05/29 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9D.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1999/04/23 22:22:00 | 000,091,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Channel Screen Saver.SCR
[2006/03/20 13:14:58 | 001,159,168 | ---- | M] () -- C:\WINDOWS\My Sim Aquarium.scr
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2004/07/08 11:56:46 | 000,000,266 | -H-- | M] () -- C:\Program Files\desktop.ini
[2004/07/08 11:56:46 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/10 18:17:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2008/01/04 23:18:09 | 000,005,120 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Thumbs.db

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/12/26 18:32:48 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 05:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/26 12:34:42 | 000,568,672 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marshall\Desktop\ChromeSetup.exe
[2010/12/01 11:10:45 | 003,983,387 | R--- | M] () -- C:\Documents and Settings\Marshall\Desktop\ComboFix.exe
[2010/11/26 12:21:13 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marshall\Desktop\mbam-setup-1.46(2).exe
[2010/11/26 12:24:48 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marshall\Desktop\mbam-setup-1.46(3).exe
[2010/11/26 12:03:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marshall\Desktop\mbam-setup-1.46.exe
[2009/08/14 18:52:39 | 003,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marshall\Desktop\mbam-setup.exe
[1 C:\Documents and Settings\Marshall\Desktop\*.tmp files -> C:\Documents and Settings\Marshall\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >
[2002/05/23 22:20:18 | 008,398,225 | RH-- | M] () -- C:\Program Files\Internet Explorer\ie5bak.DAT
[2003/03/28 16:08:32 | 010,106,466 | RH-- | M] () -- C:\Program Files\Internet Explorer\ie6bak.DAT

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >
[1999/04/23 22:22:00 | 000,000,654 | ---- | M] () -- C:\WINDOWS\Config\GENERAL.IDF

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2009/04/13 13:18:48 | 007,190,637 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/04/13 13:18:53 | 000,123,524 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2009/04/13 13:18:53 | 000,063,606 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpicleanup.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/12/26 18:32:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Marshall\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2006/01/01 15:21:47 | 000,664,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2006/01/01 15:21:47 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd9533.sys

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/12/08 19:55:44 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\system32\B6D2BA2A5F.sys
[2004/08/10 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2005/02/07 22:07:08 | 000,004,608 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI64.sys
[2005/03/13 19:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/09 16:08:04 | 000,007,168 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DLPT64.sys
[2000/11/16 17:35:44 | 000,025,424 | ---- | M] (CNet Technology, Inc.) -- C:\WINDOWS\system32\DM9PCI3.SYS
[2000/11/16 17:35:44 | 000,025,824 | ---- | M] (CNet Technology, Inc.) -- C:\WINDOWS\system32\DM9PCI4.SYS
[2001/07/25 16:49:54 | 000,033,207 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\DM9PCI5.SYS
[2005/02/08 16:04:46 | 000,005,632 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEn64.sys
[2005/02/08 15:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2005/02/08 18:46:04 | 000,005,120 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMO64.sys
[2004/06/15 18:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/10 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/01/16 14:43:08 | 000,085,972 | ---- | M] (HP) -- C:\WINDOWS\system32\hppadt40.sys
[2001/01/16 14:43:34 | 000,015,792 | ---- | M] (HP) -- C:\WINDOWS\system32\hppaprt0.sys
[2001/01/16 14:41:34 | 000,098,524 | ---- | M] (HP) -- C:\WINDOWS\system32\hppausb0.sys
[2004/08/10 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/12/08 19:55:45 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[1999/04/23 22:22:00 | 000,016,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\NDISWMI.SYS
[1999/04/23 22:22:00 | 000,056,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\NETPPTP.SYS
[2004/08/10 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 06:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 06:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 06:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[1999/08/18 13:03:56 | 000,016,768 | ---- | M] (Voyetra Turtle Beach.) -- C:\WINDOWS\system32\vtdg8830.sys
[2001/08/16 18:20:34 | 000,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\wanatw4.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2001/12/17 11:25:58 | 000,015,417 | ---- | M] (Scientific Atlanta) -- C:\WINDOWS\system32\WEBSTAR.SYS
[2010/12/31 08:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006/02/09 19:26:38 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/05/30 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9D.DLL
[2008/05/29 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9D.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/03 01:07:19 | 000,031,091 | ---- | M] () -- C:\00000000.MCQ
[2006/01/31 15:10:58 | 000,000,042 | ---- | M] () -- C:\ace.log
[2005/12/29 01:48:51 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/29 01:48:51 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[1999/10/07 00:58:56 | 000,000,189 | ---- | M] () -- C:\AUTOEXEC.001
[2006/11/05 17:08:40 | 000,000,354 | ---- | M] () -- C:\AUTOEXEC.BAK
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/20 14:32:02 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/12/01 11:21:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2006/03/17 07:44:14 | 000,074,119 | -H-- | M] () -- C:\BOOTLOG.PRV
[2006/03/17 07:52:28 | 000,070,634 | -H-- | M] () -- C:\BOOTLOG.TXT
[2008/11/24 20:33:10 | 000,231,932 | ---- | M] () -- C:\ClearLog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/01 11:40:07 | 000,046,328 | ---- | M] () -- C:\ComboFix.txt
[2006/11/05 17:12:48 | 000,000,967 | ---- | M] () -- C:\command.PIF
[2003/02/03 11:16:02 | 000,000,258 | ---- | M] () -- C:\CONFIG.BAK
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/04/20 21:04:32 | 000,000,067 | RHS- | M] () -- C:\DclEng.log
[2005/12/01 11:52:32 | 000,006,388 | RH-- | M] () -- C:\dell.sdr
[2003/02/02 16:41:16 | 000,008,160 | -HS- | M] () -- C:\DETLOG.OLD
[2004/07/08 11:53:50 | 000,007,357 | -HS- | M] () -- C:\DETLOG.TXT
[2002/04/27 01:34:54 | 000,002,086 | ---- | M] () -- C:\dlr.log
[2001/03/29 10:46:26 | 000,000,000 | ---- | M] () -- C:\Dumplog.txt
[2004/07/08 11:53:14 | 000,000,778 | ---- | M] () -- C:\FRUNLOG.TXT
[2011/03/05 09:29:15 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2005/12/27 03:18:16 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2006/01/07 15:49:09 | 000,015,747 | ---- | M] () -- C:\install.log
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2008/07/28 20:42:02 | 000,002,000 | -H-- | M] () -- C:\IPH.PH
[2002/04/20 21:04:28 | 000,000,005 | ---- | M] () -- C:\lcl.dat
[2004/07/08 12:07:06 | 000,000,005 | ---- | M] () -- C:\lcl.txt
[2005/11/30 09:02:24 | 000,000,142 | ---- | M] () -- C:\lfinfo.dat
[2004/06/13 19:41:02 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2008/11/08 08:56:41 | 001,585,539 | ---- | M] () -- C:\logfile
[1999/09/07 14:35:30 | 000,129,078 | ---- | M] () -- C:\logo.W98
[1999/05/14 10:49:20 | 000,001,646 | -H-- | M] () -- C:\MSDOS.---
[2004/07/08 11:38:12 | 000,001,716 | RHS- | M] () -- C:\MSDOS.BAK
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004/07/08 11:58:36 | 000,007,615 | ---- | M] () -- C:\NETLOG.TXT
[2000/08/10 22:24:06 | 000,000,118 | ---- | M] () -- C:\netsig.txt
[2005/12/27 02:28:34 | 000,001,040 | ---- | M] () -- C:\net_save.dna
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/10 18:09:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/05 10:34:34 | 855,638,016 | -HS- | M] () -- C:\pagefile.sys
[2009/01/31 15:38:08 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009/04/17 11:10:10 | 000,000,679 | ---- | M] () -- C:\reimage.log
[2006/11/01 19:15:02 | 000,313,688 | ---- | M] () -- C:\SCANDISK.LOG
[2003/02/02 16:48:24 | 000,164,060 | -H-- | M] () -- C:\SETUPLOG.OLD
[2004/07/08 11:58:36 | 000,150,749 | -H-- | M] () -- C:\SETUPLOG.TXT
[2003/02/02 19:10:22 | 000,004,014 | ---- | M] () -- C:\SETUPXLG.TXT
[2011/01/24 15:00:35 | 000,000,481 | ---- | M] () -- C:\stub.log
[1999/05/14 11:00:46 | 000,007,798 | RH-- | M] () -- C:\SUHDLOG.---
[2003/02/02 16:36:10 | 000,005,166 | RH-- | M] () -- C:\SUHDLOG.BAK
[2005/12/01 12:17:36 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2004/06/13 17:43:40 | 002,405,464 | ---- | M] () -- C:\trace.log
[2003/02/02 16:24:16 | 161,025,075 | RH-- | M] () -- C:\W98UNDO.DAT
[2003/02/02 16:24:18 | 000,369,968 | RH-- | M] () -- C:\W98UNDO.INI
[2003/02/02 16:21:00 | 000,050,037 | RHS- | M] () -- C:\WINLFN.INI
[2003/02/02 16:21:02 | 000,023,493 | RHS- | M] () -- C:\WINLFN1.INI
[1999/04/21 11:04:14 | 000,000,017 | -H-- | M] () -- C:\ZTECH.BAT
[1999/06/22 17:26:04 | 000,109,057 | -H-- | M] () -- C:\ZTECH.EXE
[1999/06/22 15:59:34 | 000,000,481 | ---- | M] () -- C:\ZTECH.RES
[1999/06/28 13:03:52 | 000,143,658 | -H-- | M] () -- C:\ZZ.EXE
[1999/05/03 15:03:48 | 000,000,277 | -H-- | M] () -- C:\ZZTOP.BAT
[5 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2006/11/05 18:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2007/03/21 18:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2006/11/05 18:02:20 | 000,000,000 | R--D | M] -- C:\Program Files\Accessories
[2006/11/05 18:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2006/11/05 18:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Adaptec
[2006/11/05 18:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/11/05 18:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\ahead
[2010/01/22 21:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2006/11/05 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\aod
[2009/04/13 13:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2010/09/02 21:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/03/23 21:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/04/17 10:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/12/13 17:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/11/05 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2010/04/11 16:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/03/29 21:17:12 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/04/20 13:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2006/11/05 18:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\CHAT
[2010/12/01 11:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 05:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/08/28 14:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2005/12/01 12:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2007/01/22 15:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Wonders
[2005/12/01 12:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/04/22 15:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/12/22 22:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Games
[2008/04/28 06:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/09 12:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2006/11/05 18:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\DirectX
[2006/11/05 18:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2008/11/05 20:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive
[2008/12/26 17:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2008/03/27 18:50:33 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES 3
[2008/12/26 17:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES2
[2006/01/05 01:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2011/02/27 11:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/04/22 15:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2006/10/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/04/22 15:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2006/11/05 18:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Exit Killer
[2006/11/05 18:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\FBI
[2006/11/05 18:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\FinePixViewer
[2008/01/02 21:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Formosoft
[2006/12/02 18:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse
[2010/12/09 20:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2008/03/09 16:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\Girl Tech
[2009/12/09 21:39:46 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/02/04 20:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/11/05 18:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP OfficeJet Series 600
[2006/11/05 18:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\hp photosmart
[2006/11/05 18:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\iChoose
[2011/02/27 11:45:58 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/12/01 12:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/02/10 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/11/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/12/13 18:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/13 18:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/02/03 22:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/11/05 18:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\JumpStart
[2010/03/29 16:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\KingsIsle Entertainment
[2010/01/10 12:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2006/11/05 16:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Laplink
[2007/04/30 18:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Legacy Interactive
[2010/03/24 13:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
[2006/11/05 18:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/12/01 15:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 15:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Master Key
[2006/11/05 18:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Interactive
[2006/11/05 18:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Media
[2011/03/05 08:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/11/05 19:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\mcafee.com
[2005/12/31 23:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\MCE
[2006/01/05 01:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Media Center Karaoke Plug-in
[2009/04/17 15:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/04/20 11:57:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/01/05 01:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/09 12:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/08/16 05:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/10/25 20:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2007/08/03 22:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/04/20 11:58:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2007/07/30 17:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus!
[2007/07/30 17:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2006/11/05 18:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Reference
[2011/01/06 09:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/11/05 18:47:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets & Trips
[2006/01/05 01:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/12/01 17:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/09/04 21:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2006/01/05 01:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/12/01 17:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/05 18:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\MoviePlace
[2011/03/05 10:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/05 18:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\MS Hardware
[2009/04/20 09:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/20 13:30:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/16 13:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 05:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/07/30 17:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSNIA
[2006/10/14 08:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/01/05 01:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/10/10 18:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/11/05 18:47:48 | 000,000,000 | ---D | M] -- C:\Program Files\Network Associates
[2007/07/30 17:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\NetZero
[2005/12/01 12:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
[2008/10/10 17:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\NoAdware
[2009/04/16 13:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2006/11/05 18:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate
[2006/01/05 01:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2007/07/29 07:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS
[2010/01/18 19:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 12:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/07/30 17:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2008/04/10 17:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\PCFriendly
[2009/04/22 15:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\PHILIPS
[2007/07/30 17:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\PhoneTools
[2006/11/05 18:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2006/11/05 18:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Plus!
[2010/12/09 20:28:27 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/01/31 15:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Portrait Displays
[2006/10/23 12:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2006/11/05 18:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\QI
[2010/12/13 18:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/07/30 17:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime(2)
[2006/05/23 22:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/20 09:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/04/17 10:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reimage
[2006/10/22 01:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2006/11/05 18:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\Scholastic's Clifford
[2006/01/05 01:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2006/10/22 01:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Panel
[2006/11/05 18:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2010/02/12 18:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Online Entertainment
[2006/11/05 18:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/11/05 18:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Surf Safari
[2006/11/05 18:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2006/01/05 01:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/12/02 18:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2009/04/22 15:47:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/06/06 18:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2007/07/30 17:45:23 | 000,000,000 | ---D | M] -- C:\Program Files\Valentine's Day 3D Screensaver
[2010/02/11 14:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2006/11/05 18:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\VitalSigns
[2006/11/05 18:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\Volo View Express
[2006/11/05 18:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\VOYETRA
[2009/04/22 15:47:21 | 000,000,000 | R--D | M] -- C:\Program Files\Web Publish
[2009/09/24 18:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\WillMaker 8
[2007/07/30 17:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/04/20 13:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/04/20 11:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/04/20 11:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/10 18:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 05:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/11/05 19:12:44 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/10/07 22:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Winkflash
[2009/02/07 10:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2007/07/30 17:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\WOW
[2005/08/16 05:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/11/24 08:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2005/12/01 12:16:14 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name
[2010/02/22 22:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\YouSendIt
[2007/04/30 18:05:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2005/08/16 05:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Marshall\Application Data\desktop.ini
[2006/11/04 07:24:14 | 000,009,999 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\dw.log
[2005/12/31 02:34:15 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2011/02/03 19:18:53 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Master Key History
[2011/02/03 19:18:54 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Master Key User Options
[2009/04/16 08:13:38 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\ntuser.dat.sp1
[2009/04/16 15:13:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\ntuser.dat.sp2
[2006/08/23 00:34:17 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\PFP120JCM.{PB
[2006/08/23 00:34:17 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\PFP120JPR.{PB
[2003/01/25 19:11:16 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\QuickBooks Templates.lnk


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys


hillb2

Newbie Surfer

Posts : 8
Joined : 2011-03-06
Operating System : windows xp


3rd Section

Post by hillb2 on Sun 06 Mar 2011, 3:47 am

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[1997/05/15 05:30:00 | 000,032,576 | ---- | M] (Microsoft Corporation) MD5=5A00EED05C478461405447FD550179E5 -- C:\TOOLS_95\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/10/10 18:04:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\i386\USBSTOR.SYS
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-10 17:02:25

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F

< End of report >


Extras.txt

Post by hillb2 on Sun 06 Mar 2011, 3:52 am

OTL Extras logfile created on: 3/5/2011 10:42:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Marshall\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 816 1632 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 86.21 Gb Free Space | 37.79% Space Free | Partition Type: NTFS
Drive D: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.
Drive J: | 14.94 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: FAT32

Computer Name: MARSHHOME | User Name: Marshall | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1135839545\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1135839545\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{348054A0-6F9A-4EF9-BBB0-827C14C20D86}" = Media Center Karaoke Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62426D97-A032-4C69-845D-C002763915AB}" = My Movies
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D9C0880-1234-4115-B7D2-444332C7CEEC}" = My Netflix
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B611C23-ADB6-4F5E-A04A-959EB0D349F6}" = Winkflash Transporter
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90200409-6000-11D3-8CFE-0050048383C9}" = System Files Update
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEBE08FB-2801-4ABD-B8BE-3187512E4634}" = MTV Overdrive for Media Center
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.0.1
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Collapse! Crunch" = Collapse! Crunch
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Google Chrome" = Google Chrome
"HP PrecisionScan" = HP PrecisionScan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master Key_is1" = Master Key 5.5.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (1.5.0.7)" = Mozilla Firefox (1.5.0.7)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pet Pals Animal Doctor" = Pet Pals Animal Doctor
"Plants vs. Zombies" = Plants vs. Zombies
"PROSet" = Intel(R) PRO Network Connections Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007
"RealPlayer 6.0" = RealPlayer
"Reimage Repair" = Reimage Repair
"UnityWebPlayer" = Unity Web Player
"WildTangent dell Master Uninstall" = WildTangent Games
"WillMaker 8 Deluxe" = WillMaker 8 Deluxe
"Winamp" = Winamp (remove only)
"Windows" = Uninstall Windows 98 Second Edition
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 2" = Zoo Tycoon 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BFX Drippy" = BFX Drippy
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"New LEGO Digital Designer" = LEGO Digital Designer
"SOE-Clone Wars" = Clone Wars

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2011 8:12:30 AM | Computer Name = MARSHHOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/25/2011 8:12:30 AM | Computer Name = MARSHHOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/27/2011 4:04:24 PM | Computer Name = MARSHHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2011 11:32:43 PM | Computer Name = MARSHHOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2011 12:22:56 AM | Computer Name = MARSHHOME | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 3/2/2011 12:22:57 AM | Computer Name = MARSHHOME | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 3/2/2011 12:22:57 AM | Computer Name = MARSHHOME | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 3/2/2011 12:22:57 AM | Computer Name = MARSHHOME | Source = Media Center Guide | ID = 0
Description = Event Info: Guide creation error. Process: DefaultDomain Object Name:
Media Center Guide

Error - 3/2/2011 12:22:57 AM | Computer Name = MARSHHOME | Source = Media Center Scheduler | ID = 0
Description =

Error - 3/2/2011 12:23:21 AM | Computer Name = MARSHHOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unicuhuhoneniqe.dll, version 0.0.0.0, fault address 0x0002202b.

[ OSession Events ]
Error - 2/12/2010 11:50:07 PM | Computer Name = MARSHHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 344138
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/11/2010 12:51:46 PM | Computer Name = MARSHHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2011 10:41:00 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 111 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:05 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 112 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:10 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 11 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/5/2011 10:41:10 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 113 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:16 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 114 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:21 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 115 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:27 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 116 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:32 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 117 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:37 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 118 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 3/5/2011 10:41:43 AM | Computer Name = MARSHHOME | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 119 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.


< End of report >

hillb2

Newbie Surfer

Posts : 8
Joined : 2011-03-06
Operating System : windows xp


Re: WARNING! YOUR'RE IN DANGER!

Post by Belahzur on Sun 06 Mar 2011, 12:13 pm

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: WARNING! YOUR'RE IN DANGER!

Post by hillb2 on Sun 06 Mar 2011, 4:25 pm

I was able to rename and save the Combo-fix file - but cannot access my online Malwarebytes to disable the tool.


Re: WARNING! YOUR'RE IN DANGER!

Post by Belahzur on Mon 07 Mar 2011, 12:45 pm

MBAM shouldn't need disabling, try leaving it on and running Combofix.



Combo-Fix not responding

Post by hillb2 on Mon 07 Mar 2011, 12:57 pm

Nothing happens when I double click the icon and a pop-up message says that Combo-fix has been infected


Re: WARNING! YOUR'RE IN DANGER!

Post by Belahzur on Tue 08 Mar 2011, 12:12 pm

Hello.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Re: WARNING! YOUR'RE IN DANGER!

Post by hillb2 on Tue 08 Mar 2011, 11:52 pm

After double clicking, a black pop-up flashes briefly and then nothing happens


Re: WARNING! YOUR'RE IN DANGER!

Post by hillb2 on Wed 09 Mar 2011, 12:08 am

I retried in the Safe Mode and this is what I got:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 08:05 on 08/03/2011 (Marshall)
Firefox version 1.5.0.7 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[You must be registered and logged in to see this link.] [15:11 12/11/2006]
{3112ca9c-de6d-4884-a869-9855de68056c} [15:11 12/11/2006]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:11 12/11/2006]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [03:14 04/02/2009]

C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\fkgauy7f.default\extensions\
ChoiceGuard@Microsoft [19:41 11/02/2010]
{20a82645-c095-46ed-80e3-08825760534b} [13:59 05/03/2011]
{3112ca9c-de6d-4884-a869-9855de68056c} [04:25 08/02/2009]
{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [22:19 14/07/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:13 04/02/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [18:46 28/03/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:01 20/04/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [15:58 13/06/2009]

---------- Old Logs ----------
GooredFix[12.59.21_08-03-2011].txt

-=E.O.F=-


Re: WARNING! YOUR'RE IN DANGER!

Post by Belahzur on Wed 09 Mar 2011, 11:20 am

Hmm.
Can you run Combofix now?

