tried to remove fake windows security, now usb won't work

Post by dmn3331 on Tue 31 May 2011, 8:25 am

hi,
i followed some advice i saw about removing the fake windows security on my pc (i'm now working on my laptop)...the advice included running kaspersky, malwarebytes, and then turning system restore off and on...i turned it off (in safe mode) but couldn't turn it back on...now i'm not sure what happened, or what other things i may have run that i saw posted as helps, but currently i can't even use my mouse, so i can't log in...even in safe mode. what to do?

dmn3331

Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

ps- i don't know how to run the otl or other programs on my pc without mouse!

Post by dmn3331 on Tue 31 May 2011, 9:01 am

ps- i don't know how to run the otl or other programs on my pc without mouse! that's why i haven't followed the directions...can someone tell me how to do this when my mouse (and all things connect via usb) aren't working on my pc?

Re: tried to remove fake windows security, now usb won't work

Post by Belahzur on Wed 01 Jun 2011, 7:15 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

done, but a few differences

Post by dmn3331 on Wed 01 Jun 2011, 1:38 pm

Hi,
i followed your instructions except
1) it did not ask me "Do you wish to load the remote registry?", but went straight to the next question
2) the options under drivers were: none, use safelist, all...so i chose none

here is the otl.txt:
OTL logfile created on: 5/31/2011 11:29:37 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 98.49 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 02:57:53 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/14 02:57:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Disabled] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | -H-- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\Nikko_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/05/16 05:30:57 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [swg] File not found
O4 - HKU\Nikko_ON_C..\Run: [AIM] File not found
O4 - HKU\Nikko_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Nikko_ON_C..\Run: [swg] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [bdWruSduNKKJP] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DIANE_BLUMENFIELD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jesse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nikko_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2011/05/27 23:21:29 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2366736.sys
[2011/05/27 23:21:29 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667361.sys
[2011/05/27 23:21:29 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667362.sys
[2011/05/27 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1
[2011/05/27 23:18:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/27 23:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/27 18:42:58 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6435323.sys
[2011/05/27 18:42:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353231.sys
[2011/05/27 18:42:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353232.sys
[2011/05/27 18:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/05/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Malwarebytes
[2011/05/26 21:03:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 21:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 21:03:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/25 09:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Recent
[2011/05/25 08:17:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Start Menu\Programs\Windows XP Recovery
[2011/05/24 20:55:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\_paul cat scans april 2011
[2011/05/24 20:53:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\My Documents\paul 2011 ct scans
[2011/05/22 09:26:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Jesse's Work
[2011/05/21 08:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikko\Local Settings\Application Data\Conduit
[2011/05/21 08:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikko\Local Settings\Application Data\quixley_v2
[2011/05/21 08:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2011/05/21 08:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2011/05/21 08:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikko\Local Settings\Application Data\ConduitEngine
[2011/05/19 18:13:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\Conduit
[2011/05/19 18:13:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\quixley_v2
[2011/05/19 18:12:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2011/05/19 18:12:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2011/05/19 18:12:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\ConduitEngine
[2011/05/16 19:36:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\Conduit
[2011/05/16 19:35:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\quixley_v2
[2011/05/16 19:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2011/05/16 19:35:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2011/05/16 19:35:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\ConduitEngine
[2011/05/15 08:46:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Conduit
[2011/05/15 08:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\quixley_v2
[2011/05/15 08:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\ConduitEngine
[2011/05/15 08:46:02 | 000,000,000 | -H-D | C] -- C:\Program Files\ConduitEngine
[2011/05/15 08:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\Conduit
[2011/05/15 08:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\Temp
[2011/05/15 08:45:40 | 000,000,000 | -H-D | C] -- C:\Program Files\quixley_v2
[2011/05/15 07:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2011/05/15 07:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2011/05/15 07:01:57 | 000,000,000 | -H-D | C] -- C:\Program Files\somototoolbar
[2011/05/15 07:01:38 | 000,000,000 | -H-D | C] -- C:\Program Files\MP3 Rocket FileBulldog Toolbar
[2011/05/13 22:04:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/05/13 22:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/05/13 22:03:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/13 22:03:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/05/13 22:03:03 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2011/05/13 21:59:08 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2011/05/09 17:26:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Start Menu\Programs\BrowserPlus
[2011/05/09 17:26:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jesse\Local Settings\Application Data\Yahoo!
[2011/05/07 10:25:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/07 10:24:18 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/05/07 10:24:04 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/05/07 10:18:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2008/07/27 20:21:51 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 18:43:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 18:43:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/05/30 18:42:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/05/30 18:29:06 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/29 16:22:57 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 23:23:34 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/27 20:52:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/27 05:27:12 | 000,009,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\7582
[2011/05/26 21:03:51 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/26 20:37:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jvvkws.sys
[2011/05/26 18:28:32 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/26 09:12:20 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/26 06:30:31 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\aaain.sys
[2011/05/25 18:55:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qiofkd.sys
[2011/05/25 18:40:38 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 08:25:16 | 000,000,400 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/25 08:17:49 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZyXEL PLA-4xx Series Configuration
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2011/05/25 06:57:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TabIt
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickVerse 2006
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm Desktop
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem On Hold
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Memorex exPressit Label Design Studio
[2011/05/25 06:56:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Finale NotePad 2007
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Sword
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Encountering The New Testament 2
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyWorship
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Games
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP3000 Manual
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bible Explorer 4
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Software Suite
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2011/05/24 20:22:10 | 005,139,129 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/05/24 00:01:43 | 000,995,548 | -H-- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/05/24 00:01:43 | 000,907,041 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/05/24 00:01:43 | 000,021,123 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/05/24 00:01:43 | 000,000,533 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2011/05/21 09:17:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/18 16:00:45 | 000,000,243 | -H-- | M] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\PowerSchool Parent Logon.url
[2011/05/18 06:47:24 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 07:55:16 | 000,610,827 | -H-- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\canon pixma ip3000 service manual.pdf
[2011/05/16 07:12:33 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips.lnk
[2011/05/15 07:02:12 | 000,000,860 | -H-- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/15 07:01:53 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\MP3 Rocket 6.0.6.lnk
[2011/05/07 10:40:40 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\22.est
[2011/05/07 10:14:39 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/06 23:57:26 | 000,018,944 | -H-- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\30 Wilson Ave E, Riverdale, NJ 07457 to 8 E Randolph Ave, Dover, NJ 07801.est
[2011/05/06 06:44:30 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 10:57:54 | 3479,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/27 23:14:24 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/27 20:52:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 18:45:22 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/27 05:27:12 | 000,009,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\7582
[2011/05/26 21:03:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 20:37:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jvvkws.sys
[2011/05/26 18:28:32 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/26 06:30:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\aaain.sys
[2011/05/25 18:56:51 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 18:55:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qiofkd.sys
[2011/05/25 08:17:49 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 08:17:43 | 000,000,400 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/24 20:22:10 | 005,139,129 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/05/16 07:55:16 | 000,610,827 | -H-- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\canon pixma ip3000 service manual.pdf
[2011/05/15 07:01:53 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\MP3 Rocket 6.0.6.lnk
[2011/05/11 22:43:06 | 000,000,243 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\PowerSchool Parent Logon.url
[2011/05/06 23:59:46 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\22.est
[2011/05/06 23:57:26 | 000,018,944 | -H-- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\30 Wilson Ave E, Riverdale, NJ 07457 to 8 E Randolph Ave, Dover, NJ 07801.est
[2011/01/30 12:52:49 | 000,300,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/12/13 05:14:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Jesse\Application Data\mfwxgh.dat
[2010/10/23 17:05:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\completescan
[2010/10/23 17:04:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\start
[2010/10/23 16:43:11 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\install
[2010/10/23 16:32:38 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\15825.bat
[2010/09/03 15:51:48 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | -H-- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/07/25 21:41:46 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/25 21:40:49 | 001,054,032 | -H-- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/06/05 07:19:48 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/19 20:31:59 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/05/19 20:31:20 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2008/11/13 23:06:43 | 000,108,712 | -H-- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\EReg184.dat
[2007/02/04 22:34:15 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/01 17:52:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/19 09:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JPR.{PB
[2005/11/19 09:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JCM.{PB
[2005/11/09 23:25:38 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JPR.{PB
[2005/11/09 23:25:38 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JCM.{PB
[2005/11/06 14:39:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 17:06:06 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2005/11/05 16:50:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\fusioncache.dat
[2005/10/31 22:13:04 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\fusioncache.dat
[2005/10/29 16:32:57 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,908 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:58 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/19 16:49:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 16:49:47 | 000,491,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 16:49:47 | 000,088,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:47 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 16:49:47 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:49:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 16:49:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:38 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 16:49:38 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 16:49:30 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 16:49:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/31 20:43:38 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/03/17 22:44:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2005/12/01 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Aim
[2010/11/01 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CallingID
[2010/10/30 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CBS Interactive
[2011/05/15 07:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2010/11/03 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Free Upload Manager
[2010/06/05 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\GARMIN
[2007/12/20 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\HotSync
[2011/01/24 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo
[2005/11/27 19:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Leadertech
[2011/05/15 08:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\MP3Rocket
[2010/10/30 11:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\OpenCandy
[2008/12/20 17:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Softouch
[2011/05/15 07:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2010/10/30 14:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Spyware Terminator
[2007/02/15 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Viewpoint
[2007/07/15 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\WildTangent
[2008/05/12 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Yapta
[2010/10/27 18:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\CallingID
[2011/05/19 18:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2010/06/30 13:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\FCTB000062125
[2009/03/07 08:44:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\GOODSEARCH
[2007/12/25 16:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\HotSync
[2010/09/13 07:02:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\iolo
[2008/01/25 08:24:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2011/05/19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2010/12/27 21:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Sony
[2008/05/22 06:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Yapta
[2010/09/03 15:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/07/07 22:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2005/11/05 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Aim
[2006/10/29 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Cakewalk
[2010/10/30 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\CallingID
[2011/05/21 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2010/06/28 12:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\FCTB000062125
[2008/12/31 19:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\GOODSEARCH
[2007/12/21 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\HotSync
[2010/12/13 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\iolo
[2011/05/21 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2010/10/30 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Spyware Terminator
[2007/02/02 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Viewpoint
[2008/05/13 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Yapta
[2005/11/19 16:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Aim
[2006/10/24 16:54:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Cakewalk
[2010/11/01 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\CallingID
[2011/05/16 19:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2010/06/25 18:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\FCTB000062125
[2009/03/23 22:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GARMIN
[2010/09/11 21:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GOODSEARCH
[2007/12/20 23:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\HotSync
[2010/11/25 07:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\iolo
[2007/12/25 23:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Leadertech
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Ludia
[2009/07/08 20:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\MSNInstaller
[2010/12/10 14:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\QuickVerse10
[2011/02/25 09:47:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Raintree
[2011/05/16 19:36:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2010/12/27 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Sony
[2007/01/17 00:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Viewpoint
[2006/06/20 23:47:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\WildTangent
[2009/03/06 10:33:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Yapta
[2010/11/01 18:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/07/25 19:36:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/27 23:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/23 23:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/13 05:14:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\hOdMj05700
[2007/12/20 07:33:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/05/26 22:31:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2005/10/29 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MCA219.tmp
[2010/02/27 00:53:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/05/27 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/01 15:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/13 22:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/20 17:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2008/02/03 02:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/04/14 14:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/20 23:47:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/29 00:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2007/06/16 19:08:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2009/03/14 09:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/06/16 19:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
[2010/04/08 18:07:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/06 22:08:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 17:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/14 22:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/05/30 18:43:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/05/30 18:42:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\Book_Worm-Setup.exe:SummaryInformation
< End of report >


bump, please

Post by dmn3331 on Fri 03 Jun 2011, 11:49 am

bump?


Re: tried to remove fake windows security, now usb won't work

Post by Belahzur on Mon 06 Jun 2011, 1:02 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/05/27 05:27:12 | 000,009,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\7582
    [2011/05/26 20:37:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jvvkws.sys
    [2011/05/26 06:30:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\aaain.sys
    [2011/05/25 18:55:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qiofkd.sys
    [2010/12/13 05:14:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Jesse\Application Data\mfwxgh.dat
    [2010/10/23 17:05:43 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\completescan
    [2010/10/23 17:04:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\start
    [2010/10/23 16:43:11 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\install
    [2010/10/23 16:32:38 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\15825.bat


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Mon 06 Jun 2011, 2:16 am

Hi again,
On the PC, I only have the OTLPE program, so I ran that (was that correct?). Thanks.
Here is the log:
========== OTL ==========
C:\WINDOWS\system32\drivers\7582 moved successfully.
C:\WINDOWS\system32\drivers\jvvkws.sys moved successfully.
C:\WINDOWS\system32\drivers\aaain.sys moved successfully.
C:\WINDOWS\system32\drivers\qiofkd.sys moved successfully.
C:\Documents and Settings\Jesse\Application Data\mfwxgh.dat moved successfully.
C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\completescan moved successfully.
C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\start moved successfully.
C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\install moved successfully.
C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\15825.bat moved successfully.

OTLPE by OldTimer - Version 3.1.46.0 log created on 06052011_151417


Re: tried to remove fake windows security, now usb won't work

Post by Belahzur on Tue 07 Jun 2011, 7:32 am

Does the mouse work when you boot normally now?



Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Wed 08 Jun 2011, 2:12 pm

No, I was still booting up with the disc containing the OTLPE... I just took out the disc, and the screen said the disc was missing, so I hit the setup key, and then exited setup... It started to boot up (normally?) but the mouse still isn't functional. I didn't think we fixed anything yet... I thought the logs I was sending you were just to give you info on what was wrong. Sorry, I'm totally clueless... Just an FYI though... the other post I have with you (the explorer.exe error) is on my laptop... this booting/mouse/keyboard problem is on my desktop (which I haven't been using since the problem began).
Thanks


bump please

Post by dmn3331 on Sun 12 Jun 2011, 9:45 am

Hi, I'm not sure how to boot "normally" now... It says that it can't find drive 1, so to enter setup, I go in there, and can't figure out what to do... I exit setup, the logon screen comes back on, but I still can't use the mouse.


bump

Post by dmn3331 on Sun 19 Jun 2011, 7:29 am

Hi, it's even worse now...I tried to run the otlpe from the disc and now it says "missing operating system" and just sits there


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Tue 21 Jun 2011, 2:41 pm

Hi,

So you can't boot with OTLPE anymore? Try re-downloading it.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Wed 22 Jun 2011, 1:49 pm

Ok, I was able to load and run the otl again. The first time I ran it, I was instructed to change drivers to "non-microsoft", but the only options were "none", "all", "use safelist". That time I chose "none" and posted that log. This time I ran it choosing "safelist". Here is the log:
OTL logfile created on: 6/21/2011 11:43:24 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 101.73 Gb Free Space | 70.49% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1742.42 Gb Free Space | 93.53% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 02:57:53 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/14 02:57:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Disabled] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | -H-- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2011/01/25 03:57:04 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\24185 -- (24185)
DRV - [2010/11/22 12:03:58 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\19757 -- (19757)
DRV - [2010/09/24 11:16:18 | 000,146,000 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | -H-- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | -H-- | M] (CA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/06/09 06:54:38 | 000,244,304 | -H-- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | -H-- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/11/19 15:33:20 | 000,051,200 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/10/14 10:59:38 | 000,022,696 | -H-- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/03/27 15:27:04 | 000,598,656 | -H-- | M] (Computer Associates International, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/20 07:32:10 | 000,016,694 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/06 14:22:00 | 000,036,224 | -H-- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/07/30 21:59:14 | 000,017,280 | -H-- | M] (Intellon, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2007/04/25 09:55:02 | 000,134,912 | -H-- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | -H-- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/10 16:05:00 | 000,018,688 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 16:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/08 12:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 05:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/17 15:30:46 | 000,017,005 | -H-- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/09/19 16:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/27 16:12:36 | 000,015,360 | RH-- | M] (CEntrance, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2002/06/24 10:00:00 | 000,053,412 | -H-- | M] (GEAR Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\Nikko_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/05/16 05:30:57 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [swg] File not found
O4 - HKU\Nikko_ON_C..\Run: [AIM] File not found
O4 - HKU\Nikko_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Nikko_ON_C..\Run: [swg] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [bdWruSduNKKJP] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DIANE_BLUMENFIELD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jesse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nikko_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 15:14:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/27 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2011/05/27 23:21:29 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2366736.sys
[2011/05/27 23:21:29 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667361.sys
[2011/05/27 23:21:29 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667362.sys
[2011/05/27 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1
[2011/05/27 23:18:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/27 23:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/27 18:42:58 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6435323.sys
[2011/05/27 18:42:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353231.sys
[2011/05/27 18:42:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353232.sys
[2011/05/27 18:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/05/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Malwarebytes
[2011/05/26 21:03:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 21:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 21:03:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/25 09:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Recent
[2011/05/25 08:17:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Start Menu\Programs\Windows XP Recovery
[2011/05/24 20:55:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\_paul cat scans april 2011
[2011/05/24 20:53:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\My Documents\paul 2011 ct scans
[2008/07/27 20:21:51 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 14:31:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/06/18 12:57:10 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 18:42:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/27 23:23:34 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/27 20:52:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 21:03:51 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/26 18:28:32 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/26 09:12:20 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/25 18:40:38 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 08:25:16 | 000,000,400 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/25 08:17:49 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZyXEL PLA-4xx Series Configuration
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2011/05/25 06:57:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TabIt
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickVerse 2006
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm Desktop
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem On Hold
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Memorex exPressit Label Design Studio
[2011/05/25 06:56:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Finale NotePad 2007
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Sword
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Encountering The New Testament 2
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyWorship
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Games
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP3000 Manual
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bible Explorer 4
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Software Suite
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2011/05/24 20:22:10 | 005,139,129 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/05/24 00:01:43 | 000,995,548 | -H-- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/05/24 00:01:43 | 000,907,041 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/05/24 00:01:43 | 000,021,123 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/05/24 00:01:43 | 000,000,533 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/27 23:14:24 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/27 20:52:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 18:45:22 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/26 21:03:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 18:28:32 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/25 18:56:51 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 08:17:49 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 08:17:43 | 000,000,400 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/24 20:22:10 | 005,139,129 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/01/30 12:52:49 | 000,300,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/03 15:51:48 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | -H-- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/07/25 21:41:46 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/25 21:40:49 | 001,054,032 | -H-- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/06/05 07:19:48 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/19 20:31:59 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/05/19 20:31:20 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2008/11/13 23:06:43 | 000,108,712 | -H-- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\EReg184.dat
[2007/02/04 22:34:15 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/01 17:52:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/19 09:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JPR.{PB
[2005/11/19 09:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JCM.{PB
[2005/11/09 23:25:38 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JPR.{PB
[2005/11/09 23:25:38 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JCM.{PB
[2005/11/06 14:39:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 17:06:06 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2005/11/05 16:50:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\fusioncache.dat
[2005/10/31 22:13:04 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\fusioncache.dat
[2005/10/29 16:32:57 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,908 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:58 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/19 16:49:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 16:49:47 | 000,491,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 16:49:47 | 000,088,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:47 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 16:49:47 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:49:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 16:49:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:38 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 16:49:38 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 16:49:30 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 16:49:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/31 20:43:38 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/09/03 15:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/07/07 22:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2005/12/01 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Aim
[2010/11/01 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CallingID
[2010/10/30 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CBS Interactive
[2011/05/15 07:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2010/11/03 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Free Upload Manager
[2010/06/05 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\GARMIN
[2007/12/20 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\HotSync
[2011/01/24 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo
[2005/11/27 19:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Leadertech
[2011/05/15 08:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\MP3Rocket
[2010/10/30 11:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\OpenCandy
[2008/12/20 17:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Softouch
[2011/05/15 07:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2010/10/30 14:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Spyware Terminator
[2007/02/15 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Viewpoint
[2007/07/15 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\WildTangent
[2008/05/12 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Yapta
[2010/10/27 18:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\CallingID
[2011/05/19 18:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2010/06/30 13:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\FCTB000062125
[2009/03/07 08:44:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\GOODSEARCH
[2007/12/25 16:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\HotSync
[2010/09/13 07:02:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\iolo
[2008/01/25 08:24:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2011/05/19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2010/12/27 21:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Sony
[2008/05/22 06:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Yapta
[2005/11/05 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Aim
[2006/10/29 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Cakewalk
[2010/10/30 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\CallingID
[2011/05/21 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2010/06/28 12:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\FCTB000062125
[2008/12/31 19:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\GOODSEARCH
[2007/12/21 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\HotSync
[2010/12/13 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\iolo
[2011/05/21 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2010/10/30 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Spyware Terminator
[2007/02/02 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Viewpoint
[2008/05/13 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Yapta
[2005/11/19 16:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Aim
[2006/10/24 16:54:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Cakewalk
[2010/11/01 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\CallingID
[2011/05/16 19:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2010/06/25 18:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\FCTB000062125
[2009/03/23 22:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GARMIN
[2010/09/11 21:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GOODSEARCH
[2007/12/20 23:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\HotSync
[2010/11/25 07:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\iolo
[2007/12/25 23:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Leadertech
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Ludia
[2009/07/08 20:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\MSNInstaller
[2010/12/10 14:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\QuickVerse10
[2011/02/25 09:47:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Raintree
[2011/05/16 19:36:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2010/12/27 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Sony
[2007/01/17 00:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Viewpoint
[2006/06/20 23:47:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\WildTangent
[2009/03/06 10:33:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Yapta
[2010/11/01 18:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/07/25 19:36:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/27 23:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/23 23:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/13 05:14:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\hOdMj05700
[2007/12/20 07:33:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/05/26 22:31:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2005/10/29 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MCA219.tmp
[2010/02/27 00:53:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/05/27 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/01 15:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/13 22:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/20 17:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2008/02/03 02:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/04/14 14:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/20 23:47:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/29 00:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2007/06/16 19:08:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2009/03/14 09:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/06/16 19:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
[2010/04/08 18:07:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/06 22:08:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 17:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/14 22:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/05/30 18:42:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\Book_Worm-Setup.exe:SummaryInformation
< End of report >

dmn3331


ok, i followed the instructions on the "read this before posting" page

Post by dmn3331 on Thu 23 Jun 2011, 12:03 pm

included below are the otl log, otl text, aswmbr txt log, and checkup.txt

otl log:
========== OTL ==========
File C:\WINDOWS\System32\drivers\7582 not found.
File C:\WINDOWS\System32\drivers\jvvkws.sys not found.
File C:\WINDOWS\System32\drivers\aaain.sys not found.
File C:\WINDOWS\System32\drivers\qiofkd.sys not found.
File C:\Documents and Settings\Jesse\Application Data\mfwxgh.dat not found.
File C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\completescan not found.
File C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\start not found.
File C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\install not found.
File C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\15825.bat not found.

OTLPE by OldTimer - Version 3.1.46.0 log created on 06222011_204148





otl txt: (attached file)


aswmbr txt log:
aswMBR version 0.9.5.317 Copyright(c) 2011 AVAST Software
Run date: 2011-06-22 21:43:00
-----------------------------
21:43:00.828 OS Version: Windows 5.1.2600
21:43:00.828 Number of processors: 1 586 0x403
21:43:00.828 ComputerName: REATOGO UserName: SYSTEM
21:43:01.109 Initialze error 0
21:44:38.906 The log file has been saved successfully to "K:\aswMBR.txt"




checkup.txt:
Results of screen317's Security Check version 0.99.15
Windows XP
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
```````````````````````````````
Anti-malware/Other Utilities Check:

````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

dmn3331


otl.txt and comment on security check

Post by dmn3331 on Thu 23 Jun 2011, 12:09 pm

PS - when I ran the security check, I got a pop-up box that said "Auto It Error...Line -1:
Error: variable must be of type "object""....I clicked OK, and then got the checkup.txt output (included in my previous post)

I was not able to put the entire otl.txt here, and it would not let me attach the file, so here is the first part of the otl.txt...the second part will be in the next post

otl.txt
OTL logfile created on: 6/22/2011 9:17:23 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 98.49 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1742.42 Gb Free Space | 93.53% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 6.51 Gb Free Space | 87.33% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 02:57:53 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/14 02:57:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Disabled] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | -H-- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2011/01/25 03:57:04 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\24185 -- (24185)
DRV - [2010/11/22 12:03:58 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\19757 -- (19757)
DRV - [2010/09/24 11:16:18 | 000,146,000 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | -H-- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | -H-- | M] (CA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/06/09 06:54:38 | 000,244,304 | -H-- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | -H-- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/11/19 15:33:20 | 000,051,200 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/10/14 10:59:38 | 000,022,696 | -H-- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/03/27 15:27:04 | 000,598,656 | -H-- | M] (Computer Associates International, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/20 07:32:10 | 000,016,694 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/06 14:22:00 | 000,036,224 | -H-- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/07/30 21:59:14 | 000,017,280 | -H-- | M] (Intellon, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2007/04/25 09:55:02 | 000,134,912 | -H-- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | -H-- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/10 16:05:00 | 000,018,688 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 16:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/08 12:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 05:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/17 15:30:46 | 000,017,005 | -H-- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/09/19 16:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/27 16:12:36 | 000,015,360 | RH-- | M] (CEntrance, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2002/06/24 10:00:00 | 000,053,412 | -H-- | M] (GEAR Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\Nikko_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/05/16 05:30:57 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [swg] File not found
O4 - HKU\Nikko_ON_C..\Run: [AIM] File not found
O4 - HKU\Nikko_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Nikko_ON_C..\Run: [swg] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [bdWruSduNKKJP] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DIANE_BLUMENFIELD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jesse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nikko_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Yahoo! Import WAB
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - WXcom Class
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - YbUploadFavsCtl Class
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 15:14:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/27 23:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2011/05/27 23:21:29 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2366736.sys
[2011/05/27 23:21:29 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667361.sys
[2011/05/27 23:21:29 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\23667362.sys
[2011/05/27 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1
[2011/05/27 23:18:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/27 23:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/27 18:42:58 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6435323.sys
[2011/05/27 18:42:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353231.sys
[2011/05/27 18:42:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\64353232.sys
[2011/05/27 18:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/05/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Malwarebytes
[2011/05/26 21:03:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/26 21:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 21:03:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/25 09:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Recent
[2011/05/25 08:17:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\Start Menu\Programs\Windows XP Recovery
[2011/05/24 20:55:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\_paul cat scans april 2011
[2011/05/24 20:53:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\PAUL NEWMAN\My Documents\paul 2011 ct scans
[2008/07/27 20:21:51 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Thu 23 Jun 2011, 12:10 pm


========== Files - Modified Within 30 Days ==========

[2011/06/22 20:05:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 20:04:22 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 20:02:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/06/22 20:01:23 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/27 23:23:34 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/27 20:52:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 21:03:51 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/26 18:28:32 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/26 09:12:20 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/25 18:40:38 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 08:25:16 | 000,000,400 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/25 08:17:49 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZyXEL PLA-4xx Series Configuration
[2011/05/25 06:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2011/05/25 06:57:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TabIt
[2011/05/25 06:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2011/05/25 06:57:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickVerse 2006
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/25 06:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm Desktop
[2011/05/25 06:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem On Hold
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/25 06:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Memorex exPressit Label Design Studio
[2011/05/25 06:56:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/05/25 06:56:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Finale NotePad 2007
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\e-Sword
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Encountering The New Testament 2
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyWorship
[2011/05/25 06:56:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support
[2011/05/25 06:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Games
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP3000 Manual
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bible Explorer 4
[2011/05/25 06:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Software Suite
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/25 06:56:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2011/05/25 06:56:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2011/05/24 20:22:10 | 005,139,129 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/05/24 00:01:43 | 000,995,548 | -H-- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/05/24 00:01:43 | 000,907,041 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/05/24 00:01:43 | 000,021,123 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/05/24 00:01:43 | 000,000,533 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/05/24 00:01:43 | 000,000,285 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/05/24 00:01:43 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/05/24 00:01:43 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 20:49:35 | 3479,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/27 23:14:24 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/05/27 20:52:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/27 18:45:22 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk
[2011/05/26 21:03:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/26 21:03:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 18:28:32 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.com
[2011/05/25 18:56:51 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\rkill.scr
[2011/05/25 08:17:49 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Desktop\Windows XP Recovery.lnk
[2011/05/25 08:17:43 | 000,000,400 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/05/24 20:22:10 | 005,139,129 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\paul medical records as of may 23 2011.pdf
[2011/01/30 12:52:49 | 000,300,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/03 15:51:48 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | -H-- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/07/25 21:41:46 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/25 21:40:49 | 001,054,032 | -H-- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/06/05 07:19:48 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/19 20:31:59 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/05/19 20:31:20 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2008/11/13 23:06:43 | 000,108,712 | -H-- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\EReg184.dat
[2007/02/04 22:34:15 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/01 17:52:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/19 09:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JPR.{PB
[2005/11/19 09:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JCM.{PB
[2005/11/09 23:25:38 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JPR.{PB
[2005/11/09 23:25:38 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JCM.{PB
[2005/11/06 14:39:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 17:06:06 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2005/11/05 16:50:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\fusioncache.dat
[2005/10/31 22:13:04 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\fusioncache.dat
[2005/10/29 16:32:57 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,908 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:58 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/19 16:49:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 16:49:47 | 000,491,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 16:49:47 | 000,088,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:47 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 16:49:47 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:49:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 16:49:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:38 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 16:49:38 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 16:49:30 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 16:49:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/31 20:43:38 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/03/17 22:44:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2005/12/01 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Aim
[2010/11/01 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CallingID
[2010/10/30 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CBS Interactive
[2011/05/15 07:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2010/11/03 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Free Upload Manager
[2010/06/05 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\GARMIN
[2007/12/20 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\HotSync
[2011/01/24 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo
[2005/11/27 19:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Leadertech
[2011/05/15 08:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\MP3Rocket
[2010/10/30 11:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\OpenCandy
[2008/12/20 17:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Softouch
[2011/05/15 07:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2010/10/30 14:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Spyware Terminator
[2007/02/15 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Viewpoint
[2007/07/15 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\WildTangent
[2008/05/12 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Yapta
[2010/10/27 18:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\CallingID
[2011/05/19 18:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2010/06/30 13:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\FCTB000062125
[2009/03/07 08:44:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\GOODSEARCH
[2007/12/25 16:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\HotSync
[2010/09/13 07:02:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\iolo
[2008/01/25 08:24:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2011/05/19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2010/12/27 21:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Sony
[2008/05/22 06:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Yapta
[2010/09/03 15:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/07/07 22:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2005/11/05 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Aim
[2006/10/29 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Cakewalk
[2010/10/30 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\CallingID
[2011/05/21 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2010/06/28 12:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\FCTB000062125
[2008/12/31 19:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\GOODSEARCH
[2007/12/21 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\HotSync
[2010/12/13 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\iolo
[2011/05/21 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2010/10/30 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Spyware Terminator
[2007/02/02 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Viewpoint
[2008/05/13 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Yapta
[2005/11/19 16:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Aim
[2006/10/24 16:54:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Cakewalk
[2010/11/01 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\CallingID
[2011/05/16 19:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2010/06/25 18:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\FCTB000062125
[2009/03/23 22:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GARMIN
[2010/09/11 21:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GOODSEARCH
[2007/12/20 23:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\HotSync
[2010/11/25 07:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\iolo
[2007/12/25 23:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Leadertech
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Ludia
[2009/07/08 20:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\MSNInstaller
[2010/12/10 14:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\QuickVerse10
[2011/02/25 09:47:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Raintree
[2011/05/16 19:36:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2010/12/27 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Sony
[2007/01/17 00:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Viewpoint
[2006/06/20 23:47:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\WildTangent
[2009/03/06 10:33:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Yapta
[2010/11/01 18:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/07/25 19:36:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/27 23:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/23 23:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/13 05:14:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\hOdMj05700
[2007/12/20 07:33:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/05/26 22:31:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2005/10/29 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MCA219.tmp
[2010/02/27 00:53:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/05/27 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/01 15:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/13 22:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/20 17:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2008/02/03 02:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/04/14 14:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/20 23:47:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/29 00:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2007/06/16 19:08:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2009/03/14 09:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/06/16 19:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
[2010/04/08 18:07:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/06 22:08:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 17:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/14 22:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/06/22 20:02:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %systemroot%\system32\config\systemprofile\*.dat /x >

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/03/03 02:55:19 | 000,149,504 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/02/22 19:06:28 | 011,080,704 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/02/22 19:06:28 | 001,991,680 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:37 | 008,462,336 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/08/06 09:03:55 | 000,000,000 | -H-D | M] -- C:\Program Files\AAdvantage eShoppingSM Toolbar
[2010/08/14 16:59:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2006/03/04 23:58:07 | 000,000,000 | -H-D | M] -- C:\Program Files\AIM
[2005/11/11 13:09:01 | 000,000,000 | -H-D | M] -- C:\Program Files\AOD
[2005/12/01 19:24:09 | 000,000,000 | -H-D | M] -- C:\Program Files\AOL
[2008/08/23 14:43:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2006/03/25 14:38:41 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2011/03/08 07:53:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Ask.com
[2008/02/29 00:36:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Bible Explorer 4
[2011/05/27 20:23:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2010/07/25 21:42:34 | 000,000,000 | -H-D | M] -- C:\Program Files\CA
[2007/08/21 12:43:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Cakewalk
[2011/05/18 23:28:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2007/10/20 12:33:16 | 000,000,000 | -H-D | M] -- C:\Program Files\CDKnet
[2010/12/27 21:46:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2004/08/19 17:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2011/05/15 08:46:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Conduit
[2011/05/15 08:46:04 | 000,000,000 | -H-D | M] -- C:\Program Files\ConduitEngine
[2010/08/07 10:29:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2005/10/23 10:34:49 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2005/10/23 10:46:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2009/05/19 20:31:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell A920
[2009/08/21 12:00:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell AIO Printer A920
[2008/02/03 02:41:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell Support Center
[2007/04/11 20:50:15 | 000,000,000 | -H-D | M] -- C:\Program Files\DellSupport
[2010/09/12 13:22:52 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2007/08/28 12:41:31 | 000,000,000 | -H-D | M] -- C:\Program Files\DigiTech
[2008/02/28 08:11:19 | 000,000,000 | -H-D | M] -- C:\Program Files\e-Sword
[2005/10/23 10:38:40 | 000,000,000 | -H-D | M] -- C:\Program Files\EarthLink Setup
[2010/11/02 21:43:32 | 000,000,000 | -H-D | M] -- C:\Program Files\EasyGPS
[2007/09/24 22:06:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Encountering the New Testament 2
[2004/08/19 17:16:18 | 000,000,000 | -H-D | M] -- C:\Program Files\EnglishOtto
[2011/01/10 21:04:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Finale NotePad 2007
[2010/09/12 13:22:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Garmin
[2004/08/19 17:16:22 | 000,000,000 | -H-D | M] -- C:\Program Files\GemMaster
[2009/03/15 07:34:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2010/06/19 15:21:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Hanes T-ShirtMaker Premier
[2008/05/12 20:29:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Homestead
[2005/10/29 15:16:26 | 000,000,000 | -H-D | M] -- C:\Program Files\illiminable
[2011/01/21 06:30:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/10/23 10:34:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2011/04/15 03:12:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2005/10/23 10:39:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Intuit
[2010/09/03 15:52:54 | 000,000,000 | -H-D | M] -- C:\Program Files\iolo
[2011/05/07 10:24:18 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2010/11/01 18:02:43 | 000,000,000 | -H-D | M] -- C:\Program Files\ISSThirdParty
[2011/05/07 10:25:26 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2010/09/10 07:28:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2010/05/22 13:34:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/02/29 00:35:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Laridian
[2005/10/23 10:38:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Learn2.com
[2007/10/29 15:54:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Linksys
[2008/07/08 00:52:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Ludia
[2011/05/27 20:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/19 18:27:39 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee
[2009/08/19 18:27:37 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee.com
[2007/08/31 17:56:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2008/08/13 18:18:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2008/11/06 13:14:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/02/22 18:39:55 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2007/08/15 00:30:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2009/09/01 20:28:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2005/10/23 10:36:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/10/23 10:36:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2011/04/22 15:30:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/05 00:06:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2005/12/01 22:05:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Streets and Trips
[2006/10/23 19:57:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/09/11 21:33:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Modem Helper
[2005/10/23 10:34:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Modem On Hold
[2010/08/11 17:36:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2007/02/27 23:36:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2011/05/15 08:43:26 | 000,000,000 | -H-D | M] -- C:\Program Files\MP3 Rocket
[2011/05/15 07:02:12 | 000,000,000 | -H-D | M] -- C:\Program Files\MP3 Rocket FileBulldog Toolbar
[2009/08/21 21:35:33 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/09/01 20:28:19 | 000,000,000 | -H-D | M] -- C:\Program Files\MSECache
[2009/01/06 19:43:37 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2004/08/19 17:01:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/26 20:53:36 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2008/11/13 22:39:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MUSICMATCH
[2009/02/28 19:53:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MySpace
[2008/07/24 20:15:49 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2008/07/25 08:20:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Oberon Media
[2006/10/23 20:26:26 | 000,000,000 | -H-D | M] -- C:\Program Files\OfficeUpdate11
[2004/08/19 17:02:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/16 04:01:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2011/01/27 08:06:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Palm
[2006/03/25 14:29:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Panasonic
[2007/09/21 18:18:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Parsons
[2011/05/13 22:03:03 | 000,000,000 | -H-D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/04/06 19:10:45 | 000,000,000 | -H-D | M] -- C:\Program Files\PIXELA
[2007/08/28 12:57:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Pro Tracks
[2010/12/18 10:21:05 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2010/12/10 14:28:48 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickVerse 2006
[2011/05/15 08:46:01 | 000,000,000 | -H-D | M] -- C:\Program Files\quixley_v2
[2005/10/23 10:38:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2009/08/21 21:35:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2004/08/19 17:20:24 | 000,000,000 | -H-D | M] -- C:\Program Files\RGB
[2008/11/01 08:41:09 | 000,000,000 | RH-D | M] -- C:\Program Files\rnamfler
[2011/05/07 10:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2005/10/23 10:32:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Sigmatel
[2008/10/14 09:57:19 | 000,000,000 | -H-D | M] -- C:\Program Files\SiteAdvisor
[2008/12/20 17:54:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Softouch
[2011/05/15 07:02:07 | 000,000,000 | -H-D | M] -- C:\Program Files\somototoolbar
[2005/10/23 10:39:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2010/12/27 21:45:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony
[2008/04/06 19:08:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Corporation
[2010/12/27 21:41:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Media Go Install
[2010/08/06 14:11:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2005/11/06 14:35:09 | 000,000,000 | -H-D | M] -- C:\Program Files\TabIt
[2006/08/09 21:24:31 | 000,000,000 | -H-D | M] -- C:\Program Files\The Weather Channel FW
[2005/10/29 15:21:36 | 000,000,000 | -H-D | M] -- C:\Program Files\TrueSwitch
[2008/07/08 00:52:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Trymedia
[2011/01/29 11:02:25 | 000,000,000 | -H-D | M] -- C:\Program Files\TurboTax
[2004/08/19 17:14:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/03 00:11:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Universal
[2009/09/03 00:12:14 | 000,000,000 | -H-D | M] -- C:\Program Files\VersalSoft
[2007/04/14 14:13:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Viewpoint
[2009/07/05 15:55:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtual Earth 3D
[2008/04/12 22:16:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Visual Bible The Birth of Jesus_The Story Behind the Cross
[2005/10/23 10:43:51 | 000,000,000 | -H-D | M] -- C:\Program Files\WebCyberCoach
[2006/06/20 23:53:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WildTangent
[2008/11/13 23:03:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Toolbar
[2010/12/27 21:44:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2008/07/24 20:15:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2004/08/19 17:02:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Plus
[2009/08/23 16:39:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2004/08/19 17:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/10/23 10:41:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WordPerfect Office 12
[2007/06/16 19:08:10 | 000,000,000 | -H-D | M] -- C:\Program Files\WSfonts
[2004/08/19 17:07:50 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2010/02/18 00:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2010/09/11 21:33:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Yapta
[2005/10/23 10:37:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Your Company Name
[2009/08/21 14:54:27 | 000,000,000 | -H-D | M] -- C:\Program Files\ZyXEL Communications Corporation


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 06:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< CREATERESTOREPOINT >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\Book_Worm-Setup.exe:SummaryInformation
< End of report >

dmn3331

Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Thu 23 Jun 2011, 3:29 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone


Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Fri 24 Jun 2011, 10:13 am

hi,
i'm only able to do anything on the pc with the otl booting up first from the disc. I don't think any antivirus programs can run with this, can they? anyway, i didn't know how to disable them if they were. so i copied the commy, and the text, run, ok....got a popup asking if i agreed to the terms of combofix, i said agree, and immediately got another popup saying "Combofix error opening file for writing: x:\32788r22fwjfw\023.dat click abort to stop the installation, retry to try again, or ignore to skip this file"...i tried ignore, and then another one popped up, this time 023.datx, and then many more, so i aborted..


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Fri 24 Jun 2011, 5:36 pm

Try running this:

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Sat 25 Jun 2011, 1:29 pm

hi, unfortunately i'm still getting an error about drive x...
x:\i386\system32\drivers\mbamswissarmy.sys
An error occurred while trying to create a file in the destination directory: access is denied
i had to abort


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Sat 25 Jun 2011, 2:09 pm

Are you not able to boot into Windows regularly at all?



Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Sat 25 Jun 2011, 2:24 pm

no, the windows login screen comes on (where i can click my user name), but the mouse won't work...not in safe mode or regular..


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Sun 26 Jun 2011, 4:37 pm

Hi,

Please re-run OTL once again.



Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Tue 05 Jul 2011, 10:33 am

ok, i reran otlpe from the disk...inserted the fix code from the "read this before posting" section of the site...there was no extras.txt output, but here is the otl.txt output:
OTL logfile created on: 7/4/2011 8:15:01 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 98.48 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1742.41 Gb Free Space | 93.53% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 6.49 Gb Free Space | 87.15% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 02:57:53 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/14 02:57:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Disabled] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | -H-- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2011/01/25 03:57:04 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\24185 -- (24185)
DRV - [2010/11/22 12:03:58 | 000,009,072 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\19757 -- (19757)
DRV - [2010/09/24 11:16:18 | 000,146,000 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | -H-- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | -H-- | M] (CA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/06/09 06:54:38 | 000,244,304 | -H-- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | -H-- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/11/19 15:33:20 | 000,051,200 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/10/14 10:59:38 | 000,022,696 | -H-- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/03/27 15:27:04 | 000,598,656 | -H-- | M] (Computer Associates International, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/20 07:32:10 | 000,016,694 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/06 14:22:00 | 000,036,224 | -H-- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/07/30 21:59:14 | 000,017,280 | -H-- | M] (Intellon, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2007/04/25 09:55:02 | 000,134,912 | -H-- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | -H-- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/10 16:05:00 | 000,018,688 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 16:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/08 12:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 05:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/17 15:30:46 | 000,017,005 | -H-- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/09/19 16:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/27 16:12:36 | 000,015,360 | RH-- | M] (CEntrance, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2002/06/24 10:00:00 | 000,053,412 | -H-- | M] (GEAR Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\Nikko_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/05/16 05:30:57 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [swg] File not found
O4 - HKU\Nikko_ON_C..\Run: [AIM] File not found
O4 - HKU\Nikko_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Nikko_ON_C..\Run: [swg] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [bdWruSduNKKJP] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DIANE_BLUMENFIELD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jesse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nikko_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Yahoo! Import WAB
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - WXcom Class
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - YbUploadFavsCtl Class
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 01:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/06/25 01:21:08 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/06/05 15:14:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/07/27 20:21:51 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 01:48:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 01:48:39 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 01:45:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 01:38:33 | 000,000,542 | ---- | M] () -- C:\Malwarebytes' Anti-Malware.lnk
[2011/06/22 20:02:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 01:47:01 | 3479,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/25 01:41:14 | 000,000,542 | ---- | C] () -- C:\Malwarebytes' Anti-Malware.lnk
[2011/05/25 08:17:43 | 000,000,400 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/01/30 12:52:49 | 000,300,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/03 15:51:48 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | -H-- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/07/25 21:41:46 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/25 21:40:49 | 001,054,032 | -H-- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/06/05 07:19:48 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/19 20:31:59 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/05/19 20:31:20 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2008/11/13 23:06:43 | 000,108,712 | -H-- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\EReg184.dat
[2007/02/04 22:34:15 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/01 17:52:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/19 09:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JPR.{PB
[2005/11/19 09:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JCM.{PB
[2005/11/09 23:25:38 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JPR.{PB
[2005/11/09 23:25:38 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JCM.{PB
[2005/11/06 14:39:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 17:06:06 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2005/11/05 16:50:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\fusioncache.dat
[2005/10/31 22:13:04 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\fusioncache.dat
[2005/10/29 16:32:57 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,908 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:58 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/19 16:49:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 16:49:47 | 000,491,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 16:49:47 | 000,088,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:47 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 16:49:47 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:49:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 16:49:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:38 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 16:49:38 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 16:49:30 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 16:49:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/31 20:43:38 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/03/17 22:44:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2005/12/01 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Aim
[2010/11/01 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CallingID
[2010/10/30 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CBS Interactive
[2011/05/15 07:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2010/11/03 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Free Upload Manager
[2010/06/05 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\GARMIN
[2007/12/20 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\HotSync
[2011/01/24 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo
[2005/11/27 19:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Leadertech
[2011/05/15 08:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\MP3Rocket
[2010/10/30 11:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\OpenCandy
[2008/12/20 17:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Softouch
[2011/05/15 07:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2010/10/30 14:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Spyware Terminator
[2007/02/15 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Viewpoint
[2007/07/15 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\WildTangent
[2008/05/12 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Yapta
[2010/10/27 18:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\CallingID
[2011/05/19 18:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2010/06/30 13:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\FCTB000062125
[2009/03/07 08:44:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\GOODSEARCH
[2007/12/25 16:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\HotSync
[2010/09/13 07:02:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\iolo
[2008/01/25 08:24:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2011/05/19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2010/12/27 21:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Sony
[2008/05/22 06:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Yapta
[2010/09/03 15:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/07/07 22:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2005/11/05 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Aim
[2006/10/29 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Cakewalk
[2010/10/30 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\CallingID
[2011/05/21 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2010/06/28 12:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\FCTB000062125
[2008/12/31 19:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\GOODSEARCH
[2007/12/21 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\HotSync
[2010/12/13 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\iolo
[2011/05/21 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2010/10/30 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Spyware Terminator
[2007/02/02 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Viewpoint
[2008/05/13 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Yapta
[2005/11/19 16:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Aim
[2006/10/24 16:54:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Cakewalk
[2010/11/01 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\CallingID
[2011/05/16 19:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2010/06/25 18:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\FCTB000062125
[2009/03/23 22:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GARMIN
[2010/09/11 21:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GOODSEARCH
[2007/12/20 23:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\HotSync
[2010/11/25 07:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\iolo
[2007/12/25 23:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Leadertech
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Ludia
[2009/07/08 20:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\MSNInstaller
[2010/12/10 14:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\QuickVerse10
[2011/02/25 09:47:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Raintree
[2011/05/16 19:36:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2010/12/27 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Sony
[2007/01/17 00:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Viewpoint
[2006/06/20 23:47:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\WildTangent
[2009/03/06 10:33:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Yapta
[2010/11/01 18:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/07/25 19:36:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/27 23:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/23 23:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/13 05:14:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\hOdMj05700
[2007/12/20 07:33:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/05/26 22:31:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2005/10/29 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MCA219.tmp
[2010/02/27 00:53:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/05/27 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/01 15:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/13 22:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/20 17:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2008/02/03 02:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/04/14 14:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/20 23:47:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/29 00:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2007/06/16 19:08:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2009/03/14 09:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/06/16 19:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
[2010/04/08 18:07:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/06 22:08:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 17:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/14 22:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/18 12:58:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/06/22 20:02:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job


2nd half of last otl.txt

Post by dmn3331 on Tue 05 Jul 2011, 10:34 am


========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %systemroot%\system32\config\systemprofile\*.dat /x >

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/03/03 02:55:19 | 000,149,504 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/02/22 19:06:28 | 011,080,704 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/02/22 19:06:28 | 001,991,680 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:37 | 008,462,336 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/08/06 09:03:55 | 000,000,000 | -H-D | M] -- C:\Program Files\AAdvantage eShoppingSM Toolbar
[2010/08/14 16:59:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2006/03/04 23:58:07 | 000,000,000 | -H-D | M] -- C:\Program Files\AIM
[2005/11/11 13:09:01 | 000,000,000 | -H-D | M] -- C:\Program Files\AOD
[2005/12/01 19:24:09 | 000,000,000 | -H-D | M] -- C:\Program Files\AOL
[2008/08/23 14:43:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2006/03/25 14:38:41 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2011/03/08 07:53:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Ask.com
[2008/02/29 00:36:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Bible Explorer 4
[2011/05/27 20:23:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2010/07/25 21:42:34 | 000,000,000 | -H-D | M] -- C:\Program Files\CA
[2007/08/21 12:43:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Cakewalk
[2011/05/18 23:28:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2007/10/20 12:33:16 | 000,000,000 | -H-D | M] -- C:\Program Files\CDKnet
[2010/12/27 21:46:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2004/08/19 17:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2011/05/15 08:46:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Conduit
[2011/05/15 08:46:04 | 000,000,000 | -H-D | M] -- C:\Program Files\ConduitEngine
[2010/08/07 10:29:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2005/10/23 10:34:49 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2005/10/23 10:46:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2009/05/19 20:31:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell A920
[2009/08/21 12:00:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell AIO Printer A920
[2008/02/03 02:41:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell Support Center
[2007/04/11 20:50:15 | 000,000,000 | -H-D | M] -- C:\Program Files\DellSupport
[2010/09/12 13:22:52 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2007/08/28 12:41:31 | 000,000,000 | -H-D | M] -- C:\Program Files\DigiTech
[2008/02/28 08:11:19 | 000,000,000 | -H-D | M] -- C:\Program Files\e-Sword
[2005/10/23 10:38:40 | 000,000,000 | -H-D | M] -- C:\Program Files\EarthLink Setup
[2010/11/02 21:43:32 | 000,000,000 | -H-D | M] -- C:\Program Files\EasyGPS
[2007/09/24 22:06:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Encountering the New Testament 2
[2004/08/19 17:16:18 | 000,000,000 | -H-D | M] -- C:\Program Files\EnglishOtto
[2011/01/10 21:04:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Finale NotePad 2007
[2010/09/12 13:22:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Garmin
[2004/08/19 17:16:22 | 000,000,000 | -H-D | M] -- C:\Program Files\GemMaster
[2009/03/15 07:34:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2010/06/19 15:21:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Hanes T-ShirtMaker Premier
[2008/05/12 20:29:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Homestead
[2005/10/29 15:16:26 | 000,000,000 | -H-D | M] -- C:\Program Files\illiminable
[2011/01/21 06:30:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/10/23 10:34:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2011/04/15 03:12:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2005/10/23 10:39:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Intuit
[2010/09/03 15:52:54 | 000,000,000 | -H-D | M] -- C:\Program Files\iolo
[2011/05/07 10:24:18 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2010/11/01 18:02:43 | 000,000,000 | -H-D | M] -- C:\Program Files\ISSThirdParty
[2011/05/07 10:25:26 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2010/09/10 07:28:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2010/05/22 13:34:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/02/29 00:35:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Laridian
[2005/10/23 10:38:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Learn2.com
[2007/10/29 15:54:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Linksys
[2008/07/08 00:52:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Ludia
[2011/05/27 20:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 01:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/08/19 18:27:39 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee
[2009/08/19 18:27:37 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee.com
[2007/08/31 17:56:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2008/08/13 18:18:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2008/11/06 13:14:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/02/22 18:39:55 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2007/08/15 00:30:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2009/09/01 20:28:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2005/10/23 10:36:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/10/23 10:36:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2011/04/22 15:30:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/05 00:06:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2005/12/01 22:05:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Streets and Trips
[2006/10/23 19:57:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/09/11 21:33:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Modem Helper
[2005/10/23 10:34:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Modem On Hold
[2010/08/11 17:36:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2007/02/27 23:36:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2011/05/15 08:43:26 | 000,000,000 | -H-D | M] -- C:\Program Files\MP3 Rocket
[2011/05/15 07:02:12 | 000,000,000 | -H-D | M] -- C:\Program Files\MP3 Rocket FileBulldog Toolbar
[2009/08/21 21:35:33 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/09/01 20:28:19 | 000,000,000 | -H-D | M] -- C:\Program Files\MSECache
[2009/01/06 19:43:37 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2004/08/19 17:01:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/26 20:53:36 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2008/11/13 22:39:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MUSICMATCH
[2009/02/28 19:53:48 | 000,000,000 | -H-D | M] -- C:\Program Files\MySpace
[2008/07/24 20:15:49 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2008/07/25 08:20:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Oberon Media
[2006/10/23 20:26:26 | 000,000,000 | -H-D | M] -- C:\Program Files\OfficeUpdate11
[2004/08/19 17:02:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/16 04:01:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2011/01/27 08:06:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Palm
[2006/03/25 14:29:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Panasonic
[2007/09/21 18:18:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Parsons
[2011/05/13 22:03:03 | 000,000,000 | -H-D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/04/06 19:10:45 | 000,000,000 | -H-D | M] -- C:\Program Files\PIXELA
[2007/08/28 12:57:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Pro Tracks
[2010/12/18 10:21:05 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2010/12/10 14:28:48 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickVerse 2006
[2011/05/15 08:46:01 | 000,000,000 | -H-D | M] -- C:\Program Files\quixley_v2
[2005/10/23 10:38:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2009/08/21 21:35:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2004/08/19 17:20:24 | 000,000,000 | -H-D | M] -- C:\Program Files\RGB
[2008/11/01 08:41:09 | 000,000,000 | RH-D | M] -- C:\Program Files\rnamfler
[2011/05/07 10:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2005/10/23 10:32:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Sigmatel
[2008/10/14 09:57:19 | 000,000,000 | -H-D | M] -- C:\Program Files\SiteAdvisor
[2008/12/20 17:54:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Softouch
[2011/05/15 07:02:07 | 000,000,000 | -H-D | M] -- C:\Program Files\somototoolbar
[2005/10/23 10:39:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2010/12/27 21:45:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony
[2008/04/06 19:08:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Corporation
[2010/12/27 21:41:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Media Go Install
[2010/08/06 14:11:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2005/11/06 14:35:09 | 000,000,000 | -H-D | M] -- C:\Program Files\TabIt
[2006/08/09 21:24:31 | 000,000,000 | -H-D | M] -- C:\Program Files\The Weather Channel FW
[2005/10/29 15:21:36 | 000,000,000 | -H-D | M] -- C:\Program Files\TrueSwitch
[2008/07/08 00:52:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Trymedia
[2011/01/29 11:02:25 | 000,000,000 | -H-D | M] -- C:\Program Files\TurboTax
[2004/08/19 17:14:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/03 00:11:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Universal
[2009/09/03 00:12:14 | 000,000,000 | -H-D | M] -- C:\Program Files\VersalSoft
[2007/04/14 14:13:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Viewpoint
[2009/07/05 15:55:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Virtual Earth 3D
[2008/04/12 22:16:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Visual Bible The Birth of Jesus_The Story Behind the Cross
[2005/10/23 10:43:51 | 000,000,000 | -H-D | M] -- C:\Program Files\WebCyberCoach
[2006/06/20 23:53:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WildTangent
[2008/11/13 23:03:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Toolbar
[2010/12/27 21:44:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2008/07/24 20:15:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2004/08/19 17:02:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Plus
[2009/08/23 16:39:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2004/08/19 17:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/10/23 10:41:05 | 000,000,000 | -H-D | M] -- C:\Program Files\WordPerfect Office 12
[2007/06/16 19:08:10 | 000,000,000 | -H-D | M] -- C:\Program Files\WSfonts
[2004/08/19 17:07:50 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2010/02/18 00:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2010/09/11 21:33:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Yapta
[2005/10/23 10:37:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Your Company Name
[2009/08/21 14:54:27 | 000,000,000 | -H-D | M] -- C:\Program Files\ZyXEL Communications Corporation


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 06:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< CREATERESTOREPOINT >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | -H-- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\Book_Worm-Setup.exe:SummaryInformation
< End of report >

