espeak911 colexity777 37.220.36.44

by Hobo on Mon 20 Aug 2012, 12:25 pm

Malware attempts to connect to one of the following three sites about once or twice every minute: espeak911.com/x/ , colexity777.com/x/ , 37.220.36.44/x/ . So far Trend Micro Titanium has been able to block these attempts.

The malware does not allow me to go to google.com or do any searches on sites that use Google.

Toshiba Satellite laptop running Win XP. IE8. SpyHunter4 downloaded only to scan for problems.

Problems began about two days ago.

OTL

OTL logfile created on: 8/19/2012 6:12:28 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.73% Memory free
2.58 Gb Paging File | 1.97 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.03 Gb Free Space | 8.09% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: BCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:02:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL\OTL.com
PRC - [2012/07/22 09:43:39 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/07/11 14:58:22 | 005,076,416 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/04/26 13:26:14 | 000,266,240 | ---- | M] (FLIR Systems) -- C:\Program Files\FLIR Systems\QuickView\T3Mon.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 15:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/17 19:52:10 | 000,659,456 | ---- | M] () -- C:\Program Files\NETGEAR\WG511SCU\Utility\UIResource.dll
MOD - [2006/01/04 19:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 15:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 18:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/04/26 13:25:16 | 000,003,584 | ---- | M] () -- c:\Program Files\FLIR Systems\QuickView\Resources\T3Mon.En

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/14 13:45:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/02 14:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/12 05:14:08 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/12 05:13:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/07/12 05:13:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 07:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/05 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 07:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/22 09:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 09:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 09:45:10 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 16:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/07/22 09:44:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/05 03:15:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/22 09:43:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/09/10 01:06:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [T3Mon] C:\Program Files\FLIR Systems\QuickView\T3Mon.exe (FLIR Systems)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD89D79-D72C-4FB1-95C4-33FDAF4732F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 17:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus
[2012/08/18 19:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpyHunter
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/18 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/18 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\DriverCure
[2012/08/18 19:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SpeedyPC Software
[2012/08/18 19:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpeedyPC Software
[2012/08/18 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/18 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/18 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/16 22:32:09 | 000,000,000 | ---D | C] -- C:\2012 Election
[2012/08/05 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\My Documents\Backup IE and Outlook Express
[2012/07/29 00:35:55 | 000,000,000 | ---D | C] -- C:\Barber Shop
[2012/07/22 09:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/07/22 09:44:11 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 18:12:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/19 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 14:37:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/19 11:56:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/19 11:56:28 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/19 11:56:28 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/19 11:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 11:56:17 | 2137,034,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 01:50:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/08/19 01:25:19 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:59:36 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:40:55 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:29:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/18 16:52:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/16 12:37:59 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 02:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 22:16:07 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/14 13:45:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 13:45:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/05 18:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/28 23:40:07 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/07/26 11:21:08 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/22 09:45:05 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/22 09:44:12 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 19:59:36 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:41:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/18 19:40:55 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:40:54 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/18 19:40:54 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:40:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/07/22 09:45:05 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/21 08:14:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/17 21:18:32 | 000,034,776 | ---- | C] () -- C:\WINDOWS\System32\ClientPropertyPageLIB.dll
[2012/05/17 21:16:58 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/05/17 21:16:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/05/17 21:16:55 | 012,033,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/05/17 21:16:54 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012/05/17 21:16:54 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/03/05 13:59:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/05/29 22:51:09 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/10 03:02:42 | 000,003,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2008/02/13 01:50:36 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/14 03:02:10 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat

>>>>> CONTINUED NEXT POST <<<<<

by Hobo on Mon 20 Aug 2012, 12:25 pm

>>>>> CONTINUED <<<<<

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/04 08:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/06/03 10:44:46 | 000,005,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys

< %systemroot%\System32\config\*.sav >
[2006/07/18 13:27:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/18 13:27:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/18 13:27:17 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/05/29 22:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\321Studios
[2012/03/03 11:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/07/19 20:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2009/05/03 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Architectural Energy Corporation
[2012/07/30 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/07/31 23:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect
[2012/08/18 19:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/18 20:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/01/19 17:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\DATA BECKER
[2006/08/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2008/06/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\DesktopDialer
[2012/05/17 21:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\DinoCapture 2.0
[2006/07/19 17:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2010/03/14 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Energy Conservatory
[2006/07/19 17:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2012/08/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/09/14 02:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/02/03 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2006/12/14 03:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\FLIR Systems
[2006/07/19 18:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/05/09 10:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/19 23:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro
[2006/07/19 20:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2012/05/17 21:16:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/14 02:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/08/16 02:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/12/14 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/09/02 15:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/12/30 10:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/19 17:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/17 21:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2006/07/19 19:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/03/12 21:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/19 20:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/03/26 19:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/07/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/07/19 20:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/09/10 03:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 20:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/24 01:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/26 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/07/18 20:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/07/18 20:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/11 00:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/05 22:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2009/03/12 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/07 19:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2006/07/18 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 02:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/09/24 20:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/08/13 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\PSD
[2006/07/19 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2008/09/01 12:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/07/22 09:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2010/06/17 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/24 01:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/02/13 01:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/01/31 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2008/08/15 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\SNC
[2012/08/18 19:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedyPC Software
[2011/03/05 15:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/07/19 16:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/12/14 03:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\ThermaCAM
[2006/08/17 11:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2006/07/19 17:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Games
[2012/03/05 13:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/07/18 20:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/31 18:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/07/19 20:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/07/19 17:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/06/14 21:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/12 09:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/07/18 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/07/18 20:35:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/19 14:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\WMV9_VCM
[2008/08/19 14:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Xara
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/11 15:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2006/07/18 13:28:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\BCB\Application Data\desktop.ini
[2010/09/08 23:34:36 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml

< MD5 for: AFD.SYS >
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 13:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 07:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 09:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 04:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 03:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/10 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 03:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 08:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 07:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 05:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 07:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/10 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/13 18:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/13 18:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 11:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 11:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2008/02/20 12:49:36 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=6333C7E182E5B6247500188D28214DEF -- C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
[2004/08/10 06:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
[2008/02/19 23:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=AAC8FFBFD61E784FA3BAC851D4A0BD5F -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/20 11:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/13 18:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/13 18:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2012/08/13 22:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2005/03/09 11:18:20 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=87D45DE924F9DEAE3886A270DE0097AA -- C:\WINDOWS\$NtUninstallKB902400$\es.dll
[2005/07/25 22:20:28 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=95F5FEA4C6DE2C3F28784D0DCC8F0DD3 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[2012/08/08 14:30:14 | 000,008,728 | ---- | M] () MD5=99CDEC2E14B16630C1FC85682625BF45 -- C:\Program Files\Google\Chrome\Application\21.0.1180.77\Locales\es.dll
[2008/07/07 14:06:43 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=A4AB3DCA4A383F0DF4988ABDEB84F9A4 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2004/08/10 06:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS\$NtUninstallKB895200$\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\ERDNT\cache\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 14:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/10 06:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/13 18:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/13 18:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/10 06:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/10 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2005/08/22 12:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 12:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll
[2004/08/10 06:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtUninstallKB905414$\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/10 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/13 18:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 18:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004/08/10 06:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB895200$\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 04:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/25 22:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 13:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/03/09 11:18:21 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=E5F3AF7B092F23BA51E1F31096F12DC6 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SR.SYS >
[2008/04/13 12:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 12:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2004/08/10 06:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/10 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/04/20 05:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 04:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 10:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 04:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 11:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 13:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 13:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/10 06:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 06:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/10 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/13 18:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/13 18:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2004/08/10 06:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/10 06:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2008/04/13 18:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/13 18:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/10 06:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/13 18:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/13 18:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

by Hobo on Mon 20 Aug 2012, 12:26 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 18:30:35
-----------------------------
18:30:35.328 OS Version: Windows 5.1.2600 Service Pack 3
18:30:35.328 Number of processors: 2 586 0xE08
18:30:35.328 ComputerName: TOSHIBA-USER UserName: BCB
18:30:36.421 Initialize success
18:31:03.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:31:03.640 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
18:31:03.640 Device \Driver\atapi -> DriverStartIo 8a7202e2
18:31:03.640 Disk 0 MBR read successfully
18:31:03.640 Disk 0 MBR scan
18:31:03.640 Disk 0 Windows XP default MBR code
18:31:03.640 Disk 0 MBR hidden
18:31:03.671 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
18:31:03.671 Disk 0 scanning sectors +156296385
18:31:03.750 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:14.265 Service scanning
18:31:33.546 Modules scanning
18:31:43.265 Disk 0 trace - called modules:
18:31:43.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7204b1]<<
18:31:43.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a708ab8]
18:31:43.281 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8a7aa510]
18:31:43.281 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a70c940]
18:31:43.296 \Driver\atapi[0x8a693a68] -> IRP_MJ_CREATE -> 0x8a7204b1
18:31:43.296 Scan finished successfully
18:32:53.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\MBR.dat"
18:32:53.031 The log file has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\aswMBR.txt"

by Hobo on Mon 20 Aug 2012, 12:27 pm

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
AOL Spyware Protection
SpyHunter
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
BCB Desktop Aug 2012 espeak911 virus SecurityCheck\SecurityCheck.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

by **Superdave** on Tue 21 Aug 2012, 12:02 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The Security Check log shows that your AV is disabled. Please enable it now.
The log also show that you only have 8.09% free space on your hard drive. Windows require 15% or more to operate efficiently. You will need to free up more space(11 Gb). You can do this by transferring music, videos, pictures and other important data to an external harddrive or DVD's. You can use RW's because they are re-usable. You can also uninstall any programs no longer used or needed.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

by Hobo on Wed 22 Aug 2012, 10:03 am

I am using a computer at the library to read your instructions and download any needed software. I will report back once I have completed your above instructions. Thank you.

by Hobo on Thu 23 Aug 2012, 2:45 am

Installed SuperAntiSpyware. Did not appear to update from update file downloaded onto thumb drive from another computer.

NOTE - SuperAntiSpyware update file later found by Malwarebytes to be infected!!

Scan log below:

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 08/21/2012 at 11:46 PM

Application Version : 5.5.1012

Core Rules Database Version : 9098
Trace Rules Database Version: 6910

Scan type : Complete Scan
Total Scan Time : 03:22:17

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 35471
Registry threats detected : 0
File items scanned : 131882
File threats detected : 388

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\bcb@a.total-media[1].txt [ /a.total-media ]
C:\Documents and Settings\BCB\Cookies\bcb@ad-beta.thehill[1].txt [ /ad-beta.thehill ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.blockshopper[1].txt [ /ad.blockshopper ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.ench.kyodonews[1].txt [ /ad.ench.kyodonews ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.epochtimes[2].txt [ /ad.epochtimes ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.telegraf[1].txt [ /ad.telegraf ]
C:\Documents and Settings\BCB\Cookies\bcb@ad1.adtitan[1].txt [ /ad1.adtitan ]
C:\Documents and Settings\BCB\Cookies\bcb@ad4.adfarm1.adition[2].txt [ /ad4.adfarm1.adition ]
C:\Documents and Settings\BCB\Cookies\bcb@adcentriconline[2].txt [ /adcentriconline ]
C:\Documents and Settings\BCB\Cookies\bcb@adecn[1].txt [ /adecn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.abovetopsecret[1].txt [ /ads.abovetopsecret ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.apn.co[2].txt [ /ads.apn.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.artsopolis[1].txt [ /ads.artsopolis ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.associatedcontent[2].txt [ /ads.associatedcontent ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.bleepingcomputer[1].txt [ /ads.bleepingcomputer ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.cnn[2].txt [ /ads.cnn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.coastalcourier[2].txt [ /ads.coastalcourier ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.comcorpusa[1].txt [ /ads.comcorpusa ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.dixcom[1].txt [ /ads.dixcom ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.foodbuzz[1].txt [ /ads.foodbuzz ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.heraldnet[1].txt [ /ads.heraldnet ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.imgur[2].txt [ /ads.imgur ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.madeinwork[2].txt [ /ads.madeinwork ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.mail[1].txt [ /ads.mail ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.n-ws[1].txt [ /ads.n-ws ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.news-gazette[2].txt [ /ads.news-gazette ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.oregonnewsjournal[2].txt [ /ads.oregonnewsjournal ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pgatour[2].txt [ /ads.pgatour ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pixiq[2].txt [ /ads.pixiq ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.react2media[2].txt [ /ads.react2media ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcmdb[1].txt [ /ads.tcmdb ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcm[1].txt [ /ads.tcm ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.telegraph.co[1].txt [ /ads.telegraph.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thefrisky[1].txt [ /ads.thefrisky ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thesmokinggun[1].txt [ /ads.thesmokinggun ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tmnetads[1].txt [ /ads.tmnetads ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.trutv[1].txt [ /ads.trutv ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.wabi[2].txt [ /ads.wabi ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.xtra[1].txt [ /ads.xtra ]
C:\Documents and Settings\BCB\Cookies\bcb@adserv.brandaffinity[1].txt [ /adserv.brandaffinity ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.clicklish[2].txt [ /adserver.clicklish ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.neworleans[2].txt [ /adserver.neworleans ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.nsadev[1].txt [ /adserver.nsadev ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.whiznews[1].txt [ /adserver.whiznews ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver2.news-journalonline[1].txt [ /adserver2.news-journalonline ]
C:\Documents and Settings\BCB\Cookies\bcb@advertising.goldseek[2].txt [ /advertising.goldseek ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.brighthouse[1].txt [ /adverts.brighthouse ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.timesofmalta[1].txt [ /adverts.timesofmalta ]
C:\Documents and Settings\BCB\Cookies\bcb@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\BCB\Cookies\bcb@allbritton.122.2o7[1].txt [ /allbritton.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@am-newyokmint-live.122.2o7[1].txt [ /am-newyokmint-live.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@amex-insights[1].txt [ /amex-insights ]
C:\Documents and Settings\BCB\Cookies\bcb@analytics.rogersmedia[1].txt [ /analytics.rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@apnonline.112.2o7[1].txt [ /apnonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@arkansasonline.112.2o7[1].txt [ /arkansasonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@asianmedia[2].txt [ /asianmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@atlanticmedia.122.2o7[1].txt [ /atlanticmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bannerads.forsythnews[2].txt [ /bannerads.forsythnews ]
C:\Documents and Settings\BCB\Cookies\bcb@banners.andomedia[2].txt [ /banners.andomedia ]
C:\Documents and Settings\BCB\Cookies\bcb@banners1.sninews[1].txt [ /banners1.sninews ]
C:\Documents and Settings\BCB\Cookies\bcb@bassproshops.122.2o7[1].txt [ /bassproshops.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@beacon.dmsinsights[1].txt [ /beacon.dmsinsights ]
C:\Documents and Settings\BCB\Cookies\bcb@beacons.hottraffic[1].txt [ /beacons.hottraffic ]
C:\Documents and Settings\BCB\Cookies\bcb@bellglobemediapublishing.122.2o7[1].txt [ /bellglobemediapublishing.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@biglots.112.2o7[1].txt [ /biglots.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@blethenmaine.112.2o7[1].txt [ /blethenmaine.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bluemango.solution.weborama[2].txt [ /bluemango.solution.weborama ]
C:\Documents and Settings\BCB\Cookies\bcb@bonniercorp.122.2o7[1].txt [ /bonniercorp.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@brighthouse.122.2o7[1].txt [ /brighthouse.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@buycom.122.2o7[1].txt [ /buycom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@c.gigcount[1].txt [ /c.gigcount ]
C:\Documents and Settings\BCB\Cookies\bcb@canoe.112.2o7[1].txt [ /canoe.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@care2.112.2o7[1].txt [ /care2.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbcnewmedia.112.2o7[1].txt [ /cbcnewmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbsdigitalmedia.112.2o7[1].txt [ /cbsdigitalmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn1.trafficmp[1].txt [ /cdn1.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
C:\Documents and Settings\BCB\Cookies\bcb@centralmediaserver[2].txt [ /centralmediaserver ]
C:\Documents and Settings\BCB\Cookies\bcb@chicagosuntimes.122.2o7[1].txt [ /chicagosuntimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@click2houston[2].txt [ /click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@clickbooth[1].txt [ /clickbooth ]
C:\Documents and Settings\BCB\Cookies\bcb@clickondetroit[1].txt [ /clickondetroit ]
C:\Documents and Settings\BCB\Cookies\bcb@cmn.adbureau[2].txt [ /cmn.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@cms.trafficmp[1].txt [ /cms.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@csm.rotator.hadj7.adjuggler[2].txt [ /csm.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@dailyheraldpaddockpublication.112.2o7[1].txt [ /dailyheraldpaddockpublication.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@dmtracker[2].txt [ /dmtracker ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aek4sgczcao.stats.esomniture[2].txt [ /e-2dj6aek4sgczcao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekiqidjmgp.stats.esomniture[2].txt [ /e-2dj6aekiqidjmgp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekoslcjagp.stats.esomniture[2].txt [ /e-2dj6aekoslcjagp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekygkajidq.stats.esomniture[2].txt [ /e-2dj6aekygkajidq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykmazalp.stats.esomniture[2].txt [ /e-2dj6aekykmazalp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykoajwgq.stats.esomniture[1].txt [ /e-2dj6aekykoajwgq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekyukdpwep.stats.esomniture[2].txt [ /e-2dj6aekyukdpwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aelielczmlo.stats.esomniture[1].txt [ /e-2dj6aelielczmlo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aeliklcjwkp.stats.esomniture[2].txt [ /e-2dj6aeliklcjwkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wakokhdpidp.stats.esomniture[2].txt [ /e-2dj6wakokhdpidp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6walogjdzmfo.stats.esomniture[2].txt [ /e-2dj6walogjdzmfo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wamysod5gap.stats.esomniture[2].txt [ /e-2dj6wamysod5gap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wbliojdjedp.stats.esomniture[2].txt [ /e-2dj6wbliojdjedp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wckycgdzecq.stats.esomniture[2].txt [ /e-2dj6wckycgdzecq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wcl4woc5mdp.stats.esomniture[2].txt [ /e-2dj6wcl4woc5mdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdkiagcjako.stats.esomniture[2].txt [ /e-2dj6wdkiagcjako.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdlionazmkp.stats.esomniture[2].txt [ /e-2dj6wdlionazmkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdmigiazadp.stats.esomniture[2].txt [ /e-2dj6wdmigiazadp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4ehcpcgo.stats.esomniture[2].txt [ /e-2dj6wfk4ehcpcgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4qpc5mbp.stats.esomniture[2].txt [ /e-2dj6wfk4qpc5mbp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkicjazsho.stats.esomniture[1].txt [ /e-2dj6wfkicjazsho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkygjczogp.stats.esomniture[2].txt [ /e-2dj6wfkygjczogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkyuiczkbq.stats.esomniture[2].txt [ /e-2dj6wfkyuiczkbq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfliuldpieq.stats.esomniture[2].txt [ /e-2dj6wfliuldpieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoaicjokq.stats.esomniture[2].txt [ /e-2dj6wgkoaicjokq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoomdpgfq.stats.esomniture[2].txt [ /e-2dj6wgkoomdpgfq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4khazwbo.stats.esomniture[2].txt [ /e-2dj6wjk4khazwbo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4kidjklp.stats.esomniture[2].txt [ /e-2dj6wjk4kidjklp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4ojazkao.stats.esomniture[2].txt [ /e-2dj6wjk4ojazkao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4uldpikq.stats.esomniture[1].txt [ /e-2dj6wjk4uldpikq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkokic5wdp.stats.esomniture[2].txt [ /e-2dj6wjkokic5wdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkoqid5clp.stats.esomniture[1].txt [ /e-2dj6wjkoqid5clp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajcdo.stats.esomniture[2].txt [ /e-2dj6wjkyanajcdo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajwep.stats.esomniture[2].txt [ /e-2dj6wjkyanajwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkycic5gho.stats.esomniture[2].txt [ /e-2dj6wjkycic5gho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyckdpklo.stats.esomniture[2].txt [ /e-2dj6wjkyckdpklo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkygpd5efq.stats.esomniture[2].txt [ /e-2dj6wjkygpd5efq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkykjc5efp.stats.esomniture[2].txt [ /e-2dj6wjkykjc5efp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyknczwgo.stats.esomniture[2].txt [ /e-2dj6wjkyknczwgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqndzwlp.stats.esomniture[2].txt [ /e-2dj6wjkyqndzwlp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqpc5ieq.stats.esomniture[2].txt [ /e-2dj6wjkyqpc5ieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyundpadq.stats.esomniture[2].txt [ /e-2dj6wjkyundpadq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkywkczaeq.stats.esomniture[1].txt [ /e-2dj6wjkywkczaeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4cncpiap.stats.esomniture[2].txt [ /e-2dj6wjl4cncpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4eic5ogp.stats.esomniture[2].txt [ /e-2dj6wjl4eic5ogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4qjdzibp.stats.esomniture[2].txt [ /e-2dj6wjl4qjdzibp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliegcpmhp.stats.esomniture[2].txt [ /e-2dj6wjliegcpmhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlikgajgho.stats.esomniture[2].txt [ /e-2dj6wjlikgajgho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliohd5mhq.stats.esomniture[1].txt [ /e-2dj6wjliohd5mhq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlychczggp.stats.esomniture[2].txt [ /e-2dj6wjlychczggp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlyemdzwao.stats.esomniture[2].txt [ /e-2dj6wjlyemdzwao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiohdzkhp.stats.esomniture[2].txt [ /e-2dj6wjmiohdzkhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiumczcco.stats.esomniture[2].txt [ /e-2dj6wjmiumczcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmychajcdp.stats.esomniture[1].txt [ /e-2dj6wjmychajcdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1gczab.stats.esomniture[1].txt [ /e-2dj6wjny-1gczab.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1pcjml.stats.esomniture[1].txt [ /e-2dj6wjny-1pcjml.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyagc5gao.stats.esomniture[1].txt [ /e-2dj6wjnyagc5gao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyamczmcq.stats.esomniture[2].txt [ /e-2dj6wjnyamczmcq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycldjahq.stats.esomniture[2].txt [ /e-2dj6wjnycldjahq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycndzcco.stats.esomniture[2].txt [ /e-2dj6wjnycndzcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycoajacp.stats.esomniture[1].txt [ /e-2dj6wjnycoajacp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycocpodp.stats.esomniture[2].txt [ /e-2dj6wjnycocpodp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyegd5ekp.stats.esomniture[2].txt [ /e-2dj6wjnyegd5ekp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyejdjkcp.stats.esomniture[2].txt [ /e-2dj6wjnyejdjkcp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygldpoap.stats.esomniture[1].txt [ /e-2dj6wjnygldpoap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygmajmgo.stats.esomniture[2].txt [ /e-2dj6wjnygmajmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyonc5sko.stats.esomniture[2].txt [ /e-2dj6wjnyonc5sko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyooc5oeo.stats.esomniture[2].txt [ /e-2dj6wjnyooc5oeo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopaziko.stats.esomniture[2].txt [ /e-2dj6wjnyopaziko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopc5gco.stats.esomniture[2].txt [ /e-2dj6wjnyopc5gco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqgcpmgo.stats.esomniture[2].txt [ /e-2dj6wjnyqgcpmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqpc5ieo.stats.esomniture[2].txt [ /e-2dj6wjnyqpc5ieo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnywgcjgdq.stats.esomniture[2].txt [ /e-2dj6wjnywgcjgdq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoejcpofo.stats.esomniture[2].txt [ /e-2dj6wmkoejcpofo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoeoazweo.stats.esomniture[2].txt [ /e-2dj6wmkoeoazweo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4qjc5ocq.stats.esomniture[2].txt [ /e-2dj6wml4qjc5ocq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4ugcpiap.stats.esomniture[2].txt [ /e-2dj6wml4ugcpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wnmywpdpkeq.stats.esomniture[2].txt [ /e-2dj6wnmywpdpkeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@earthlink.122.2o7[2].txt [ /earthlink.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@edgeadx[2].txt [ /edgeadx ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-emmiscommunications.hitbox[2].txt [ /ehg-emmiscommunications.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-mgnlimited.hitbox[1].txt [ /ehg-mgnlimited.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@enterprisemediagroup.112.2o7[1].txt [ /enterprisemediagroup.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@entrepreneur[2].txt [ /entrepreneur ]
C:\Documents and Settings\BCB\Cookies\bcb@eveningpostdigital.112.2o7[1].txt [ /eveningpostdigital.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@ewstv.112.2o7[1].txt [ /ewstv.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@examinercom.122.2o7[1].txt [ /examinercom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@f.blogads[1].txt [ /f.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@f2network.112.2o7[1].txt [ /f2network.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@fim.122.2o7[1].txt [ /fim.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@find.myrecipes[1].txt [ /find.myrecipes ]
C:\Documents and Settings\BCB\Cookies\bcb@findarticles[2].txt [ /findarticles ]
C:\Documents and Settings\BCB\Cookies\bcb@findlinks.addresses[2].txt [ /findlinks.addresses ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.adn[2].txt [ /findnsave.adn ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.mercedsunstar[1].txt [ /findnsave.mercedsunstar ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.thenewstribune[1].txt [ /findnsave.thenewstribune ]
C:\Documents and Settings\BCB\Cookies\bcb@firsttracksonline[1].txt [ /firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@forum.rotator.hadj7.adjuggler[2].txt [ /forum.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@foxinteractivemedia.122.2o7[1].txt [ /foxinteractivemedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@friendquestions[1].txt [ /friendquestions ]
C:\Documents and Settings\BCB\Cookies\bcb@g.blogads[2].txt [ /g.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[1].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[2].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@generalelectric.112.2o7[1].txt [ /generalelectric.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@gsicace.112.2o7[1].txt [ /gsicace.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hammacher.112.2o7[1].txt [ /hammacher.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@harpo.122.2o7[1].txt [ /harpo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@haymarketbusinesspublications.122.2o7[1].txt [ /haymarketbusinesspublications.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@healthgrades.112.2o7[1].txt [ /healthgrades.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearst.112.2o7[1].txt [ /hearst.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@htmlgear.tripod[1].txt [ /htmlgear.tripod ]
C:\Documents and Settings\BCB\Cookies\bcb@hurricanetrack[1].txt [ /hurricanetrack ]
C:\Documents and Settings\BCB\Cookies\bcb@idfact.adservinginternational[2].txt [ /idfact.adservinginternational ]
C:\Documents and Settings\BCB\Cookies\bcb@idgenterprise.112.2o7[1].txt [ /idgenterprise.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@imagevenue.advertserve[2].txt [ /imagevenue.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@imrworldwide[1].txt [ /imrworldwide ]
C:\Documents and Settings\BCB\Cookies\bcb@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\BCB\Cookies\bcb@inl.adbureau[2].txt [ /inl.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@interchangecorporation.122.2o7[1].txt [ /interchangecorporation.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\BCB\Cookies\bcb@ipcmedia.122.2o7[1].txt [ /ipcmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@journalregistercompany.122.2o7[1].txt [ /journalregistercompany.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@jra.advertserve[1].txt [ /jra.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@kontera[1].txt [ /kontera ]
C:\Documents and Settings\BCB\Cookies\bcb@leeenterprises.112.2o7[1].txt [ /leeenterprises.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[10].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[11].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[8].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[9].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@lockedonmedia[2].txt [ /lockedonmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[3].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[4].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@magellan.highcountrync[1].txt [ /magellan.highcountrync ]
C:\Documents and Settings\BCB\Cookies\bcb@media.angelfire.lycos[1].txt [ /media.angelfire.lycos ]
C:\Documents and Settings\BCB\Cookies\bcb@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Documents and Settings\BCB\Cookies\bcb@media.theage.com[1].txt [ /media.theage.com ]
C:\Documents and Settings\BCB\Cookies\bcb@media.www.deltacollegian[2].txt [ /media.www.deltacollegian ]
C:\Documents and Settings\BCB\Cookies\bcb@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\BCB\Cookies\bcb@mediadecoder.blogs.nytimes[2].txt [ /mediadecoder.blogs.nytimes ]
C:\Documents and Settings\BCB\Cookies\bcb@mediaonenetwork[1].txt [ /mediaonenetwork ]
C:\Documents and Settings\BCB\Cookies\bcb@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@mlbam.112.2o7[1].txt [ /mlbam.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@molawyersmedia[1].txt [ /molawyersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@montgomeryadvertiser[1].txt [ /montgomeryadvertiser ]
C:\Documents and Settings\BCB\Cookies\bcb@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nandomedia.112.2o7[1].txt [ /nandomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@netcentral.advertserve[1].txt [ /netcentral.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@network.alluremedia.com[2].txt [ /network.alluremedia.com ]
C:\Documents and Settings\BCB\Cookies\bcb@newsday.122.2o7[1].txt [ /newsday.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@newsquestdigitalmedia.122.2o7[1].txt [ /newsquestdigitalmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nexstar.122.2o7[1].txt [ /nexstar.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@northjersey.112.2o7[1].txt [ /northjersey.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pajamasmedia[1].txt [ /pajamasmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pennwellcorp.112.2o7[1].txt [ /pennwellcorp.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pentonmedia.122.2o7[1].txt [ /pentonmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@piercecountyherald[3].txt [ /piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@premiumtv.122.2o7[2].txt [ /premiumtv.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@r.unicornmedia[1].txt [ /r.unicornmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@rainbowmedia.122.2o7[1].txt [ /rainbowmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@rogersmedia[1].txt [ /rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@samsclub.112.2o7[1].txt [ /samsclub.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoadmc.122.2o7[1].txt [ /saxoadmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoeverett.122.2o7[1].txt [ /saxoeverett.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxofosters.122.2o7[1].txt [ /saxofosters.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxotoledo.122.2o7[1].txt [ /saxotoledo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@skinsecretsexposed[2].txt [ /skinsecretsexposed ]
C:\Documents and Settings\BCB\Cookies\bcb@smokinggun.122.2o7[1].txt [ /smokinggun.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@sportingnews.122.2o7[1].txt [ /sportingnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stat.onestat[2].txt [ /stat.onestat ]
C:\Documents and Settings\BCB\Cookies\bcb@stateofgeorgia.122.2o7[1].txt [ /stateofgeorgia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stats-newyork1.bloxcms[3].txt [ /stats-newyork1.bloxcms ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.dallasnews[1].txt [ /stats.dallasnews ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.hostclear[1].txt [ /stats.hostclear ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.justhost[1].txt [ /stats.justhost ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.synapa[1].txt [ /stats.synapa ]
C:\Documents and Settings\BCB\Cookies\bcb@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\BCB\Cookies\bcb@stocks.advertserve[1].txt [ /stocks.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@stpetersburgtimes.122.2o7[1].txt [ /stpetersburgtimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tangomedia.112.2o7[1].txt [ /tangomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@thecountdownclock[2].txt [ /thecountdownclock ]
C:\Documents and Settings\BCB\Cookies\bcb@timeinc.122.2o7[1].txt [ /timeinc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@timesofindia.indiatimes[2].txt [ /timesofindia.indiatimes ]
C:\Documents and Settings\BCB\Cookies\bcb@torstardigital.122.2o7[1].txt [ /torstardigital.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.foxnews[2].txt [ /tracking.foxnews ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.hostgator[2].txt [ /tracking.hostgator ]
C:\Documents and Settings\BCB\Cookies\bcb@trackit.sitescout[2].txt [ /trackit.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@traffic.prod.cobaltgroup[1].txt [ /traffic.prod.cobaltgroup ]
C:\Documents and Settings\BCB\Cookies\bcb@tribuneinteractive.122.2o7[1].txt [ /tribuneinteractive.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trinitymirror.112.2o7[1].txt [ /trinitymirror.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@twc.rotator.hadj7.adjuggler[2].txt [ /twc.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@twctsg.122.2o7[1].txt [ /twctsg.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usatoday1.112.2o7[1].txt [ /usatoday1.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usnews.122.2o7[1].txt [ /usnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@vpmc.122.2o7[1].txt [ /vpmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@walmart.112.2o7[1].txt [ /walmart.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@webmasterplan[2].txt [ /webmasterplan ]
C:\Documents and Settings\BCB\Cookies\bcb@wpni.112.2o7[1].txt [ /wpni.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.3dstats ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.seeclickfix ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.visitor-track ]
C:\Documents and Settings\BCB\Cookies\bcb@www3.addfreestats[2].txt [ /www3.addfreestats ]
C:\Documents and Settings\BCB\Cookies\bcb@xiti[1].txt [ /xiti ]
C:\Documents and Settings\BCB\Cookies\bcb@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\BCB\Cookies\bcb@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Documents and Settings\BCB\Cookies\CLKDNZQR.txt [ /at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\AMRKM6AW.txt [ /imrworldwide.com ]
C:\Documents and Settings\BCB\Cookies\0JNUFLBS.txt [ /ads.pointroll.com ]
C:\Documents and Settings\BCB\Cookies\YQT14NC0.txt [ /a1.interclick.com ]
C:\Documents and Settings\BCB\Cookies\OEXR9DTC.txt [ /lucidmedia.com ]
C:\Documents and Settings\BCB\Cookies\DKU7UT6J.txt [ /c.atdmt.com ]
C:\Documents and Settings\BCB\Cookies\KV8K2OAZ.txt [ /findnsave.sacbee.com ]
C:\Documents and Settings\BCB\Cookies\BSJL0C3B.txt [ /adxpose.com ]
C:\Documents and Settings\BCB\Cookies\H3S983XE.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\BCB\Cookies\7J75M1ZH.txt [ /ads.adultwebads.net ]
C:\Documents and Settings\BCB\Cookies\MLZP9U29.txt [ /advertising.com ]
C:\Documents and Settings\BCB\Cookies\EHV58CFM.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\MIWVLFBY.txt [ /zedo.com ]
C:\Documents and Settings\BCB\Cookies\VH97S1L4.txt [ /pointroll.com ]
C:\Documents and Settings\BCB\Cookies\ZWA7KB2S.txt [ /tribalfusion.com ]
C:\Documents and Settings\BCB\Cookies\4XSW59P2.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\BCB\Cookies\HK7EOQQU.txt [ /insightexpressai.com ]
C:\Documents and Settings\BCB\Cookies\C5NHM6C1.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\DQKDC9PU.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\40E3QHFO.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\89YSJM8L.txt [ /burstnet.com ]
C:\Documents and Settings\BCB\Cookies\22SSNTTG.txt [ /network.realmedia.com ]
C:\Documents and Settings\BCB\Cookies\XUA1KXLT.txt [ /www.burstnet.com ]
C:\Documents and Settings\BCB\Cookies\SDODJWYR.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\TTBHUCXW.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\HEN3T7WS.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\G8IGRR48.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\XA32JZ42.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\I2CCLK7F.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\VVWC2W7K.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\EIASTTSX.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\JRGKBDG8.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\J2QW3FU5.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\5F62HV28.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\GRNJZLJ5.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\A83UDHJ9.txt [ /revsci.net ]
C:\Documents and Settings\BCB\Cookies\S9NFIXUS.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\PSC7NFMQ.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\39JRSRFM.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\4A0GVPUL.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\FX5XJRJZ.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\GHXVZY78.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\GBJH2GZI.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\S2TXIUC6.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\EUWZQYCW.txt [ /pro-market.net ]
C:\Documents and Settings\BCB\Cookies\N08DDUXN.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\JUHCZS7U.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\GK59DQDE.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\N2M7N696.txt [ /specificclick.net ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]
C:\Documents and Settings\BCB\Cookies\JNB0BVUN.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\BCB\Cookies\NE4SAKNV.txt [ /earthlink.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\I1BF3VQO.txt [ /rtst.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\H599CV5W.txt [ /ads.gainesvilletimes.com ]
C:\Documents and Settings\BCB\Cookies\AA3LVW9N.txt [ /countrymusic.about.com ]
C:\Documents and Settings\BCB\Cookies\58WSV02I.txt [ /mycountdown.org ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\2BU671Q0.txt [ Cookie:bcb@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\35IB4D6E.txt [ Cookie:bcb@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\DH01I0U4.txt [ Cookie:bcb@[You must be registered and logged in to see this link.] ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyaocjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmiumcpefp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4elc5kfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.earthlink.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VBLRHRP5 ]

Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\TEMP\79B.TMP

by Hobo on Thu 23 Aug 2012, 2:52 am

After scan completed was not able to follow instructions given. No choice to quarantine selected items. Only choices were "Manage Allowed Items", "View Scan Log", "Remove Threats", "Cancel".

Closed SuperAntiSpyware, rebooted and moved on to Malwarebytes.

Installed Malwarebytes but did not appear to update from update file downloaded to thumb drive on another computer.

Malwarebytes scan log below:

Malwarebytes Anti-Malware 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BCB :: TOSHIBA-USER [administrator]

8/22/2012 1:00:32 AM
mbam-log-2012-08-22 (01-00-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391263
Time elapsed: 3 hour(s), 19 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\SuperAntiSpyware\Updates\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

by Hobo on Thu 23 Aug 2012, 3:02 am

NOTE

Phony antivirus program now resident on my laptop.

SpeedyPC Pro

Created August 18, 2012 7:40:55 PM
Has a desktop shortcut and appeared in tray before Malwarebytes deleted malicious files.

SpeedyPC Pro appears to still be installed on laptop. It is still included on the list of installed programs although it does not appear in my tray at the moment.

Malwarebytes does not appear to find anything suspicious about SpeedyPC Pro.

I will now await further instructions.

Also, I uninstalled SpywareHunter4 after completing the above steps.

by Hobo on Thu 23 Aug 2012, 3:27 am

TrendMicro Titanium continues to block attempts to connect to several sites.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

These attempts have slowed down to about one attempt every two minutes as compared to two attempts per minutes earlier.

I took a photo of my laptop screen when the SpeedyPC Pro was running. How do I upload the photo so you can see it?

by **Superdave** on Thu 23 Aug 2012, 6:00 am

SuperAntiSpyware update file later found by Malwarebytes to be infected!!

How are you transferring the programs from the library to your computer; USB or CD?

Those sites are non-existant.

I took a photo of my laptop screen when the SpeedyPC Pro was running. How do I upload the photo so you can see it?

How to post screenshots or images

SpeedyPC Pro is just a nuisance program which is useless. You can uninstall it.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

by Hobo on Thu 23 Aug 2012, 6:16 am

Superdave wrote:
SuperAntiSpyware update file later found by Malwarebytes to be infected!!
How are you transferring the programs from the library to your computer; USB or CD?

USB (thumb drive). I don't think I am able to burn a CD on the library's computer but I will find out and will do that if it is possible.

by Hobo on Thu 23 Aug 2012, 8:42 am

Security Check by screen 317 log:

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
AOL Spyware Protection
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
BCB Desktop Aug 2012 espeak911 virus SecurityCheck\Screen317 SecurityCheck\SecurityCheck.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

ComboFix log:

ComboFix 12-08-22.03 - BCB 08/22/2012 15:00:36.2.2 - x86
Running from: c:\documents and settings\BCB\Desktop\Aug 2012 espeak911 virus\ComboFix\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\BCB\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\Internet Explorer
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\service
c:\windows\system32\service\02102010_TIS17_SfFniAU.log
c:\windows\system32\service\06122010_TIS17_SfFniAU.log
c:\windows\system32\service\25012011_TIS17_SfFniAU.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 06:45 . 2012-08-22 06:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 06:45 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\documents and settings\BCB\Application Data\SUPERAntiSpyware.com
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-19 01:59 . 2012-08-19 01:59 -------- d-----w- c:\program files\Enigma Software Group
2012-08-19 01:58 . 2012-08-22 15:05 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-19 01:58 . 2012-08-19 01:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-19 01:41 . 2012-08-19 01:41 -------- d-----w- c:\documents and settings\BCB\Application Data\DriverCure
2012-08-19 01:41 . 2012-08-19 01:41 -------- d-----w- c:\documents and settings\BCB\Application Data\SpeedyPC Software
2012-08-19 01:40 . 2012-08-22 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-08-17 04:32 . 2012-08-20 03:44 -------- d-----w- C:\2012 Election
2012-07-29 06:35 . 2012-07-29 06:36 -------- d-----w- C:\Barber Shop
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 19:45 . 2012-04-16 16:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 19:45 . 2011-05-20 01:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2006-07-19 00:46 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-07-19 02:32 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-07-19 00:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-07-19 00:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-07-19 00:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-07-19 00:47 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-08-21 19:40 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 16:44 . 2011-05-30 04:51 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-06-02 21:19 . 2007-07-31 01:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-07-31 01:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2007-07-31 01:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 1122412]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2007-01-17 46632]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 35368]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"T3Mon"="c:\program files\FLIR Systems\QuickView\T3Mon.exe" [2004-04-26 266240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-22 296096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FLIR Systems\\QuickView\\QuickView.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/5/2012 2:05 PM 68368]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 12:50 PM 98816]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [3/5/2007 10:16 PM 16194]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/5/2012 1:57 PM 200632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2011 10:53 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 10:16 AM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2010 5:05 PM 1684736]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6/17/2010 12:22 PM 23456]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [9/19/2003 2:08 PM 20992]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2011 10:53 AM 136176]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [3/5/2007 10:16 PM 449888]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 9:29 PM 32408]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:45]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 16:52]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 16:52]
.
2012-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 18:00]
.
2012-08-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 18:00]
.
2012-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
FF - ProfilePath - c:\documents and settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-HijackThis - c:\documents and settings\BCB\Desktop\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-08-22 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC60R -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A3E42E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\WININET.dll
.
Completion time: 2012-08-22 15:18:55
ComboFix-quarantined-files.txt 2012-08-22 21:18
ComboFix2.txt 2010-09-10 07:22
.
Pre-Run: 12,618,219,520 bytes free
Post-Run: 13,432,659,968 bytes free
.
- - End Of File - - 6242428104C6671AE43CBC37B14C0174

NOTE:

Malware continues to attempt to connect to the three non-existant sites about once every two minutes.

System appears to heve slowed down after running Security Check and ComboFix.

by **Superdave** on Fri 24 Aug 2012, 6:30 am

USB (thumb drive). I don't think I am able to burn a CD on the library's computer but I will find out and will do that if it is possible.

Your thumb drive could be infected.
Why do you still have to use the computer at the library? Can't you get on-line with your computer?

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

by Hobo on Fri 24 Aug 2012, 11:30 am

[quote="Superdave"]

Why do you still have to use the computer at the library? Can't you get on-line with your computer?

I am able to get on-line now.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-23 18:20:27
-----------------------------
18:20:27.734 OS Version: Windows 5.1.2600 Service Pack 3
18:20:27.734 Number of processors: 2 586 0xE08
18:20:27.734 ComputerName: TOSHIBA-USER UserName: BCB
18:20:31.312 Initialize success
18:20:59.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:20:59.624 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
18:20:59.624 Device \Driver\atapi -> DriverStartIo 8a68a2e2
18:20:59.624 Disk 0 MBR read successfully
18:20:59.624 Disk 0 MBR scan
18:20:59.624 Disk 0 Windows XP default MBR code
18:20:59.624 Disk 0 MBR hidden
18:20:59.624 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
18:20:59.640 Disk 0 scanning sectors +156296385
18:20:59.687 Disk 0 scanning C:\WINDOWS\system32\drivers
18:21:09.734 Service scanning
18:21:30.312 Modules scanning
18:21:38.406 Disk 0 trace - called modules:
18:21:38.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a68a4b1]<<
18:21:38.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a76fab8]
18:21:38.421 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8a730268]
18:21:38.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a773940]
18:21:38.421 \Driver\atapi[0x8a74b218] -> IRP_MJ_CREATE -> 0x8a68a4b1
18:21:38.421 Scan finished successfully
18:24:22.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR_8-23\Log\MBR.dat"
18:24:22.312 The log file has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR_8-23\Log\aswMBR.txt"

by **Superdave** on Fri 24 Aug 2012, 11:55 am

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
At the bottom of the page
- Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

by Hobo on Fri 24 Aug 2012, 2:15 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9B4D5000
Module End: 9B4ED000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: 9BD23000
Module End: 9BD25000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: 8A470C34
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 8A63473C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcess
Address: 8A18122C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcessEx
Address: 8A2A474C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 8A2F21E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 8A1ED354
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: 8A45EEDC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: 8A44DC14
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: 8A14809C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 8A2D084C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 8A315184
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 8A2BD334
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 8A31D324
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: 8A4720B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: 8A4727B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 8A3F8F54
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: 8A42A0EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8A29FAA4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 8A52B0FC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 8A3EF6E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetThreadWin32Thread
At Address: 804E6BFC
Jump To: F5806135
Module Name: _unknown_

Hooked Function: PsGetProcessWin32Process
At Address: 804E6BFC
Jump To: F5806135
Module Name: _unknown_

Hooked Function: PsGetCurrentProcessSessionId
At Address: 804EA47C
Jump To: 72CF044B
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

by Hobo on Fri 24 Aug 2012, 3:14 pm

I am currently able to get on-line and go to google.com (and Google News) but I cannot:

* sign in at Google
* conduct a search on Google

by **Superdave** on Sat 25 Aug 2012, 6:24 am

I am currently able to get on-line and go to google.com (and Google News) but I cannot:

* sign in at Google
* conduct a search on Google

You might try uninstalling and re-installing Google.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

by Hobo on Sat 25 Aug 2012, 11:38 am

Results of ESET scan:

No threats found. No report to generate or post.

I am still infected because the malware continues to try to connect to the three nonexistant web sites.

by **Superdave** on Sat 25 Aug 2012, 12:28 pm

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:: :OTL IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= :COMMANDS [resethosts] [purity] [start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

by Hobo on Sat 25 Aug 2012, 1:03 pm

OTL logfile created on: 8/24/2012 7:49:15 PM - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.27% Memory free
2.58 Gb Paging File | 1.90 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 11.90 Gb Free Space | 15.97% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: BCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:02:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL\OTL.com
PRC - [2012/07/22 09:43:39 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 14:58:12 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/08/02 14:58:12 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/04/26 13:26:14 | 000,266,240 | ---- | M] (FLIR Systems) -- C:\Program Files\FLIR Systems\QuickView\T3Mon.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/02 14:58:14 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/08/02 14:58:14 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/08/02 14:58:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/08/02 14:58:12 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/08/02 14:58:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 15:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/17 19:52:10 | 000,659,456 | ---- | M] () -- C:\Program Files\NETGEAR\WG511SCU\Utility\UIResource.dll
MOD - [2006/01/04 19:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 15:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 18:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/04/26 13:25:16 | 000,003,584 | ---- | M] () -- c:\Program Files\FLIR Systems\QuickView\Resources\T3Mon.En

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/14 13:45:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BCB\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/02 14:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 05:14:08 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/12 05:13:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/07/12 05:13:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 07:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/05 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 07:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/22 09:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 09:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/23 20:43:12 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/23 20:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 16:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/08/23 20:43:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/07/22 09:44:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/08/23 20:42:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION
[2012/07/22 09:43:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/22 15:13:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [T3Mon] C:\Program Files\FLIR Systems\QuickView\T3Mon.exe (FLIR Systems)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_34)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_34)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD89D79-D72C-4FB1-95C4-33FDAF4732F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 13:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/23 20:43:12 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/23 20:43:12 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/23 20:43:12 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/23 20:43:11 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/23 19:54:40 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/23 19:45:50 | 000,000,000 | ---D | C] -- C:\Java
[2012/08/22 14:56:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/22 14:56:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/22 14:56:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/22 14:56:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/22 14:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/22 00:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/22 00:45:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/22 00:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/21 19:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SUPERAntiSpyware.com
[2012/08/21 19:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/08/21 19:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/08/21 19:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/19 17:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/18 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/18 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\DriverCure
[2012/08/18 19:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/18 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/18 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/16 22:32:09 | 000,000,000 | ---D | C] -- C:\2012 Election
[2012/08/05 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\My Documents\Backup IE and Outlook Express
[2012/07/29 00:35:55 | 000,000,000 | ---D | C] -- C:\Barber Shop
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 19:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/24 19:26:01 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
[2012/08/24 19:12:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/24 12:06:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/24 11:48:31 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/24 11:48:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/24 11:48:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/24 11:48:00 | 2137,034,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 21:09:52 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/23 20:42:49 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/23 20:42:49 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/23 20:42:49 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/23 20:42:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/23 20:42:48 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/23 20:42:48 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/23 20:07:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/23 19:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/22 23:23:35 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\Microsoft Excel.lnk
[2012/08/22 15:13:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/22 10:16:02 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/22 02:00:05 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
[2012/08/22 00:57:41 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 19:25:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/21 18:22:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/16 12:37:59 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 02:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 13:45:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 13:45:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/28 23:40:07 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/07/26 11:21:08 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/22 14:56:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/22 14:56:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/22 14:56:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/22 14:56:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/22 14:56:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/22 00:45:56 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 19:26:21 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
[2012/08/21 19:26:20 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
[2012/08/21 19:25:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/20 12:28:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/17 21:18:32 | 000,034,776 | ---- | C] () -- C:\WINDOWS\System32\ClientPropertyPageLIB.dll
[2012/05/17 21:16:58 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/05/17 21:16:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/05/17 21:16:55 | 012,033,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/05/17 21:16:54 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012/05/17 21:16:54 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/03/05 13:59:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/05/29 22:51:09 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/10 03:02:42 | 000,003,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2008/02/13 01:50:36 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/14 03:02:10 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

< :OTL >

< >

< IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} >

< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.] >

< IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.] >

< IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5} >

< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.] >

< IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = [You must be registered and logged in to see this link.] >

< >

< :COMMANDS >

< [resethosts] >

< [purity] >

< [start explorer] >

< >

< >

< End of report >

by Hobo on Sun 26 Aug 2012, 3:56 am

Laptop has frozen a couple of times the last day or two.

SAS scan indicates Trojan.Agent/Gen-Nullo[Short]

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 08/25/2012 at 05:12 AM

Application Version : 5.5.1012

Core Rules Database Version : 9123
Trace Rules Database Version: 6935

Scan type : Complete Scan
Total Scan Time : 03:05:03

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 35497
Registry threats detected : 0
File items scanned : 126175
File threats detected : 399

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\bcb@a.total-media[1].txt [ /a.total-media ]
C:\Documents and Settings\BCB\Cookies\bcb@ad-beta.thehill[1].txt [ /ad-beta.thehill ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.blockshopper[1].txt [ /ad.blockshopper ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.ench.kyodonews[1].txt [ /ad.ench.kyodonews ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.epochtimes[2].txt [ /ad.epochtimes ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.telegraf[1].txt [ /ad.telegraf ]
C:\Documents and Settings\BCB\Cookies\bcb@ad1.adtitan[1].txt [ /ad1.adtitan ]
C:\Documents and Settings\BCB\Cookies\bcb@ad4.adfarm1.adition[2].txt [ /ad4.adfarm1.adition ]
C:\Documents and Settings\BCB\Cookies\bcb@adcentriconline[2].txt [ /adcentriconline ]
C:\Documents and Settings\BCB\Cookies\bcb@adecn[1].txt [ /adecn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.abovetopsecret[1].txt [ /ads.abovetopsecret ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.apn.co[2].txt [ /ads.apn.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.artsopolis[1].txt [ /ads.artsopolis ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.associatedcontent[2].txt [ /ads.associatedcontent ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.bleepingcomputer[1].txt [ /ads.bleepingcomputer ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.cnn[2].txt [ /ads.cnn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.coastalcourier[2].txt [ /ads.coastalcourier ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.comcorpusa[1].txt [ /ads.comcorpusa ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.dixcom[1].txt [ /ads.dixcom ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.foodbuzz[1].txt [ /ads.foodbuzz ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.heraldnet[1].txt [ /ads.heraldnet ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.imgur[2].txt [ /ads.imgur ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.madeinwork[2].txt [ /ads.madeinwork ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.mail[1].txt [ /ads.mail ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.n-ws[1].txt [ /ads.n-ws ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.news-gazette[2].txt [ /ads.news-gazette ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.oregonnewsjournal[2].txt [ /ads.oregonnewsjournal ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pgatour[2].txt [ /ads.pgatour ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pixiq[2].txt [ /ads.pixiq ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.react2media[2].txt [ /ads.react2media ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcmdb[1].txt [ /ads.tcmdb ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcm[1].txt [ /ads.tcm ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.telegraph.co[1].txt [ /ads.telegraph.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thefrisky[1].txt [ /ads.thefrisky ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thesmokinggun[1].txt [ /ads.thesmokinggun ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tmnetads[1].txt [ /ads.tmnetads ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.trutv[1].txt [ /ads.trutv ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.wabi[2].txt [ /ads.wabi ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.xtra[1].txt [ /ads.xtra ]
C:\Documents and Settings\BCB\Cookies\bcb@adserv.brandaffinity[1].txt [ /adserv.brandaffinity ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.clicklish[2].txt [ /adserver.clicklish ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.neworleans[2].txt [ /adserver.neworleans ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.nsadev[1].txt [ /adserver.nsadev ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.whiznews[1].txt [ /adserver.whiznews ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver2.news-journalonline[1].txt [ /adserver2.news-journalonline ]
C:\Documents and Settings\BCB\Cookies\bcb@advertising.goldseek[2].txt [ /advertising.goldseek ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.brighthouse[1].txt [ /adverts.brighthouse ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.timesofmalta[1].txt [ /adverts.timesofmalta ]
C:\Documents and Settings\BCB\Cookies\bcb@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\BCB\Cookies\bcb@allbritton.122.2o7[1].txt [ /allbritton.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@am-newyokmint-live.122.2o7[1].txt [ /am-newyokmint-live.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@amex-insights[1].txt [ /amex-insights ]
C:\Documents and Settings\BCB\Cookies\bcb@analytics.rogersmedia[1].txt [ /analytics.rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@apnonline.112.2o7[1].txt [ /apnonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@arkansasonline.112.2o7[1].txt [ /arkansasonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@asianmedia[2].txt [ /asianmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@atlanticmedia.122.2o7[1].txt [ /atlanticmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bannerads.forsythnews[2].txt [ /bannerads.forsythnews ]
C:\Documents and Settings\BCB\Cookies\bcb@banners.andomedia[2].txt [ /banners.andomedia ]
C:\Documents and Settings\BCB\Cookies\bcb@banners1.sninews[1].txt [ /banners1.sninews ]
C:\Documents and Settings\BCB\Cookies\bcb@bassproshops.122.2o7[1].txt [ /bassproshops.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@beacon.dmsinsights[1].txt [ /beacon.dmsinsights ]
C:\Documents and Settings\BCB\Cookies\bcb@beacons.hottraffic[1].txt [ /beacons.hottraffic ]
C:\Documents and Settings\BCB\Cookies\bcb@bellglobemediapublishing.122.2o7[1].txt [ /bellglobemediapublishing.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@biglots.112.2o7[1].txt [ /biglots.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@blethenmaine.112.2o7[1].txt [ /blethenmaine.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bluemango.solution.weborama[2].txt [ /bluemango.solution.weborama ]
C:\Documents and Settings\BCB\Cookies\bcb@bonniercorp.122.2o7[1].txt [ /bonniercorp.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@brighthouse.122.2o7[1].txt [ /brighthouse.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@buycom.122.2o7[1].txt [ /buycom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@c.gigcount[1].txt [ /c.gigcount ]
C:\Documents and Settings\BCB\Cookies\bcb@canoe.112.2o7[1].txt [ /canoe.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@care2.112.2o7[1].txt [ /care2.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbcnewmedia.112.2o7[1].txt [ /cbcnewmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbsdigitalmedia.112.2o7[1].txt [ /cbsdigitalmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn1.trafficmp[1].txt [ /cdn1.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
C:\Documents and Settings\BCB\Cookies\bcb@centralmediaserver[2].txt [ /centralmediaserver ]
C:\Documents and Settings\BCB\Cookies\bcb@chicagosuntimes.122.2o7[1].txt [ /chicagosuntimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@click2houston[2].txt [ /click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@clickbooth[1].txt [ /clickbooth ]
C:\Documents and Settings\BCB\Cookies\bcb@clickondetroit[1].txt [ /clickondetroit ]
C:\Documents and Settings\BCB\Cookies\bcb@cmn.adbureau[2].txt [ /cmn.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@cms.trafficmp[1].txt [ /cms.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@csm.rotator.hadj7.adjuggler[2].txt [ /csm.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@dailyheraldpaddockpublication.112.2o7[1].txt [ /dailyheraldpaddockpublication.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@dmtracker[2].txt [ /dmtracker ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aek4sgczcao.stats.esomniture[2].txt [ /e-2dj6aek4sgczcao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekiqidjmgp.stats.esomniture[2].txt [ /e-2dj6aekiqidjmgp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekoslcjagp.stats.esomniture[2].txt [ /e-2dj6aekoslcjagp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekygkajidq.stats.esomniture[2].txt [ /e-2dj6aekygkajidq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykmazalp.stats.esomniture[2].txt [ /e-2dj6aekykmazalp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykoajwgq.stats.esomniture[1].txt [ /e-2dj6aekykoajwgq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekyukdpwep.stats.esomniture[2].txt [ /e-2dj6aekyukdpwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aelielczmlo.stats.esomniture[1].txt [ /e-2dj6aelielczmlo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aeliklcjwkp.stats.esomniture[2].txt [ /e-2dj6aeliklcjwkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wakokhdpidp.stats.esomniture[2].txt [ /e-2dj6wakokhdpidp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6walogjdzmfo.stats.esomniture[2].txt [ /e-2dj6walogjdzmfo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wamysod5gap.stats.esomniture[2].txt [ /e-2dj6wamysod5gap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wbliojdjedp.stats.esomniture[2].txt [ /e-2dj6wbliojdjedp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wckycgdzecq.stats.esomniture[2].txt [ /e-2dj6wckycgdzecq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wcl4woc5mdp.stats.esomniture[2].txt [ /e-2dj6wcl4woc5mdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdkiagcjako.stats.esomniture[2].txt [ /e-2dj6wdkiagcjako.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdlionazmkp.stats.esomniture[2].txt [ /e-2dj6wdlionazmkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdmigiazadp.stats.esomniture[2].txt [ /e-2dj6wdmigiazadp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4ehcpcgo.stats.esomniture[2].txt [ /e-2dj6wfk4ehcpcgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4qpc5mbp.stats.esomniture[2].txt [ /e-2dj6wfk4qpc5mbp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkicjazsho.stats.esomniture[1].txt [ /e-2dj6wfkicjazsho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkygjczogp.stats.esomniture[2].txt [ /e-2dj6wfkygjczogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkyuiczkbq.stats.esomniture[2].txt [ /e-2dj6wfkyuiczkbq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfliuldpieq.stats.esomniture[2].txt [ /e-2dj6wfliuldpieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoaicjokq.stats.esomniture[2].txt [ /e-2dj6wgkoaicjokq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoomdpgfq.stats.esomniture[2].txt [ /e-2dj6wgkoomdpgfq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4khazwbo.stats.esomniture[2].txt [ /e-2dj6wjk4khazwbo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4kidjklp.stats.esomniture[2].txt [ /e-2dj6wjk4kidjklp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4ojazkao.stats.esomniture[2].txt [ /e-2dj6wjk4ojazkao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4uldpikq.stats.esomniture[1].txt [ /e-2dj6wjk4uldpikq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkokic5wdp.stats.esomniture[2].txt [ /e-2dj6wjkokic5wdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkoqid5clp.stats.esomniture[1].txt [ /e-2dj6wjkoqid5clp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajcdo.stats.esomniture[2].txt [ /e-2dj6wjkyanajcdo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajwep.stats.esomniture[2].txt [ /e-2dj6wjkyanajwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkycic5gho.stats.esomniture[2].txt [ /e-2dj6wjkycic5gho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyckdpklo.stats.esomniture[2].txt [ /e-2dj6wjkyckdpklo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkygpd5efq.stats.esomniture[2].txt [ /e-2dj6wjkygpd5efq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkykjc5efp.stats.esomniture[2].txt [ /e-2dj6wjkykjc5efp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyknczwgo.stats.esomniture[2].txt [ /e-2dj6wjkyknczwgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqndzwlp.stats.esomniture[2].txt [ /e-2dj6wjkyqndzwlp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqpc5ieq.stats.esomniture[2].txt [ /e-2dj6wjkyqpc5ieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyundpadq.stats.esomniture[2].txt [ /e-2dj6wjkyundpadq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkywkczaeq.stats.esomniture[1].txt [ /e-2dj6wjkywkczaeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4cncpiap.stats.esomniture[2].txt [ /e-2dj6wjl4cncpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4eic5ogp.stats.esomniture[2].txt [ /e-2dj6wjl4eic5ogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4qjdzibp.stats.esomniture[2].txt [ /e-2dj6wjl4qjdzibp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliegcpmhp.stats.esomniture[2].txt [ /e-2dj6wjliegcpmhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlikgajgho.stats.esomniture[2].txt [ /e-2dj6wjlikgajgho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliohd5mhq.stats.esomniture[1].txt [ /e-2dj6wjliohd5mhq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlychczggp.stats.esomniture[2].txt [ /e-2dj6wjlychczggp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlyemdzwao.stats.esomniture[2].txt [ /e-2dj6wjlyemdzwao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiohdzkhp.stats.esomniture[2].txt [ /e-2dj6wjmiohdzkhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiumczcco.stats.esomniture[2].txt [ /e-2dj6wjmiumczcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmychajcdp.stats.esomniture[1].txt [ /e-2dj6wjmychajcdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1gczab.stats.esomniture[1].txt [ /e-2dj6wjny-1gczab.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1pcjml.stats.esomniture[1].txt [ /e-2dj6wjny-1pcjml.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyagc5gao.stats.esomniture[1].txt [ /e-2dj6wjnyagc5gao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyamczmcq.stats.esomniture[2].txt [ /e-2dj6wjnyamczmcq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycldjahq.stats.esomniture[2].txt [ /e-2dj6wjnycldjahq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycndzcco.stats.esomniture[2].txt [ /e-2dj6wjnycndzcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycoajacp.stats.esomniture[1].txt [ /e-2dj6wjnycoajacp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycocpodp.stats.esomniture[2].txt [ /e-2dj6wjnycocpodp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyegd5ekp.stats.esomniture[2].txt [ /e-2dj6wjnyegd5ekp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyejdjkcp.stats.esomniture[2].txt [ /e-2dj6wjnyejdjkcp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygldpoap.stats.esomniture[1].txt [ /e-2dj6wjnygldpoap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygmajmgo.stats.esomniture[2].txt [ /e-2dj6wjnygmajmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyonc5sko.stats.esomniture[2].txt [ /e-2dj6wjnyonc5sko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyooc5oeo.stats.esomniture[2].txt [ /e-2dj6wjnyooc5oeo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopaziko.stats.esomniture[2].txt [ /e-2dj6wjnyopaziko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopc5gco.stats.esomniture[2].txt [ /e-2dj6wjnyopc5gco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqgcpmgo.stats.esomniture[2].txt [ /e-2dj6wjnyqgcpmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqpc5ieo.stats.esomniture[2].txt [ /e-2dj6wjnyqpc5ieo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnywgcjgdq.stats.esomniture[2].txt [ /e-2dj6wjnywgcjgdq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoejcpofo.stats.esomniture[2].txt [ /e-2dj6wmkoejcpofo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoeoazweo.stats.esomniture[2].txt [ /e-2dj6wmkoeoazweo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4qjc5ocq.stats.esomniture[2].txt [ /e-2dj6wml4qjc5ocq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4ugcpiap.stats.esomniture[2].txt [ /e-2dj6wml4ugcpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wnmywpdpkeq.stats.esomniture[2].txt [ /e-2dj6wnmywpdpkeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@earthlink.122.2o7[2].txt [ /earthlink.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@edgeadx[2].txt [ /edgeadx ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-emmiscommunications.hitbox[2].txt [ /ehg-emmiscommunications.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-mgnlimited.hitbox[1].txt [ /ehg-mgnlimited.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@enterprisemediagroup.112.2o7[1].txt [ /enterprisemediagroup.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@entrepreneur[2].txt [ /entrepreneur ]
C:\Documents and Settings\BCB\Cookies\bcb@eveningpostdigital.112.2o7[1].txt [ /eveningpostdigital.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@ewstv.112.2o7[1].txt [ /ewstv.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@examinercom.122.2o7[1].txt [ /examinercom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@f.blogads[1].txt [ /f.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@f2network.112.2o7[1].txt [ /f2network.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@fim.122.2o7[1].txt [ /fim.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@find.myrecipes[1].txt [ /find.myrecipes ]
C:\Documents and Settings\BCB\Cookies\bcb@findarticles[2].txt [ /findarticles ]
C:\Documents and Settings\BCB\Cookies\bcb@findlinks.addresses[2].txt [ /findlinks.addresses ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.adn[2].txt [ /findnsave.adn ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.mercedsunstar[1].txt [ /findnsave.mercedsunstar ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.thenewstribune[1].txt [ /findnsave.thenewstribune ]
C:\Documents and Settings\BCB\Cookies\bcb@firsttracksonline[1].txt [ /firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@forum.rotator.hadj7.adjuggler[2].txt [ /forum.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@foxinteractivemedia.122.2o7[1].txt [ /foxinteractivemedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@friendquestions[1].txt [ /friendquestions ]
C:\Documents and Settings\BCB\Cookies\bcb@g.blogads[2].txt [ /g.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[1].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[2].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@generalelectric.112.2o7[1].txt [ /generalelectric.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@gsicace.112.2o7[1].txt [ /gsicace.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hammacher.112.2o7[1].txt [ /hammacher.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@harpo.122.2o7[1].txt [ /harpo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@haymarketbusinesspublications.122.2o7[1].txt [ /haymarketbusinesspublications.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@healthgrades.112.2o7[1].txt [ /healthgrades.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearst.112.2o7[1].txt [ /hearst.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@htmlgear.tripod[1].txt [ /htmlgear.tripod ]
C:\Documents and Settings\BCB\Cookies\bcb@hurricanetrack[1].txt [ /hurricanetrack ]
C:\Documents and Settings\BCB\Cookies\bcb@idfact.adservinginternational[2].txt [ /idfact.adservinginternational ]
C:\Documents and Settings\BCB\Cookies\bcb@idgenterprise.112.2o7[1].txt [ /idgenterprise.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@imagevenue.advertserve[2].txt [ /imagevenue.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@imrworldwide[1].txt [ /imrworldwide ]
C:\Documents and Settings\BCB\Cookies\bcb@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\BCB\Cookies\bcb@inl.adbureau[2].txt [ /inl.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@interchangecorporation.122.2o7[1].txt [ /interchangecorporation.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\BCB\Cookies\bcb@ipcmedia.122.2o7[1].txt [ /ipcmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@journalregistercompany.122.2o7[1].txt [ /journalregistercompany.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@jra.advertserve[1].txt [ /jra.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@kontera[1].txt [ /kontera ]
C:\Documents and Settings\BCB\Cookies\bcb@leeenterprises.112.2o7[1].txt [ /leeenterprises.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[10].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[11].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[8].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[9].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@lockedonmedia[2].txt [ /lockedonmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[3].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[4].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@magellan.highcountrync[1].txt [ /magellan.highcountrync ]
C:\Documents and Settings\BCB\Cookies\bcb@media.angelfire.lycos[1].txt [ /media.angelfire.lycos ]
C:\Documents and Settings\BCB\Cookies\bcb@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Documents and Settings\BCB\Cookies\bcb@media.theage.com[1].txt [ /media.theage.com ]
C:\Documents and Settings\BCB\Cookies\bcb@media.www.deltacollegian[2].txt [ /media.www.deltacollegian ]
C:\Documents and Settings\BCB\Cookies\bcb@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\BCB\Cookies\bcb@mediadecoder.blogs.nytimes[2].txt [ /mediadecoder.blogs.nytimes ]
C:\Documents and Settings\BCB\Cookies\bcb@mediaonenetwork[1].txt [ /mediaonenetwork ]
C:\Documents and Settings\BCB\Cookies\bcb@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@mlbam.112.2o7[1].txt [ /mlbam.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@molawyersmedia[1].txt [ /molawyersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@montgomeryadvertiser[1].txt [ /montgomeryadvertiser ]
C:\Documents and Settings\BCB\Cookies\bcb@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nandomedia.112.2o7[1].txt [ /nandomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@netcentral.advertserve[1].txt [ /netcentral.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@network.alluremedia.com[2].txt [ /network.alluremedia.com ]
C:\Documents and Settings\BCB\Cookies\bcb@newsday.122.2o7[1].txt [ /newsday.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@newsquestdigitalmedia.122.2o7[1].txt [ /newsquestdigitalmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nexstar.122.2o7[1].txt [ /nexstar.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@northjersey.112.2o7[1].txt [ /northjersey.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pajamasmedia[1].txt [ /pajamasmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pennwellcorp.112.2o7[1].txt [ /pennwellcorp.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pentonmedia.122.2o7[1].txt [ /pentonmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@piercecountyherald[3].txt [ /piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@premiumtv.122.2o7[2].txt [ /premiumtv.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@r.unicornmedia[1].txt [ /r.unicornmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@rainbowmedia.122.2o7[1].txt [ /rainbowmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@rogersmedia[1].txt [ /rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@samsclub.112.2o7[1].txt [ /samsclub.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoadmc.122.2o7[1].txt [ /saxoadmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoeverett.122.2o7[1].txt [ /saxoeverett.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxofosters.122.2o7[1].txt [ /saxofosters.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxotoledo.122.2o7[1].txt [ /saxotoledo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@skinsecretsexposed[2].txt [ /skinsecretsexposed ]
C:\Documents and Settings\BCB\Cookies\bcb@smokinggun.122.2o7[1].txt [ /smokinggun.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@sportingnews.122.2o7[1].txt [ /sportingnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stat.onestat[2].txt [ /stat.onestat ]
C:\Documents and Settings\BCB\Cookies\bcb@stateofgeorgia.122.2o7[1].txt [ /stateofgeorgia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stats-newyork1.bloxcms[3].txt [ /stats-newyork1.bloxcms ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.dallasnews[1].txt [ /stats.dallasnews ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.hostclear[1].txt [ /stats.hostclear ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.justhost[1].txt [ /stats.justhost ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.synapa[1].txt [ /stats.synapa ]
C:\Documents and Settings\BCB\Cookies\bcb@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\BCB\Cookies\bcb@stocks.advertserve[1].txt [ /stocks.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@stpetersburgtimes.122.2o7[1].txt [ /stpetersburgtimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tangomedia.112.2o7[1].txt [ /tangomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@thecountdownclock[2].txt [ /thecountdownclock ]
C:\Documents and Settings\BCB\Cookies\bcb@timeinc.122.2o7[1].txt [ /timeinc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@timesofindia.indiatimes[2].txt [ /timesofindia.indiatimes ]
C:\Documents and Settings\BCB\Cookies\bcb@torstardigital.122.2o7[1].txt [ /torstardigital.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.foxnews[2].txt [ /tracking.foxnews ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.hostgator[2].txt [ /tracking.hostgator ]
C:\Documents and Settings\BCB\Cookies\bcb@trackit.sitescout[2].txt [ /trackit.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@traffic.prod.cobaltgroup[1].txt [ /traffic.prod.cobaltgroup ]
C:\Documents and Settings\BCB\Cookies\bcb@tribuneinteractive.122.2o7[1].txt [ /tribuneinteractive.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trinitymirror.112.2o7[1].txt [ /trinitymirror.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@twc.rotator.hadj7.adjuggler[2].txt [ /twc.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@twctsg.122.2o7[1].txt [ /twctsg.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usatoday1.112.2o7[1].txt [ /usatoday1.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usnews.122.2o7[1].txt [ /usnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@vpmc.122.2o7[1].txt [ /vpmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@walmart.112.2o7[1].txt [ /walmart.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@webmasterplan[2].txt [ /webmasterplan ]
C:\Documents and Settings\BCB\Cookies\bcb@wpni.112.2o7[1].txt [ /wpni.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.3dstats ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.seeclickfix ]
C:\Documents and Settings\BCB\Cookies\bcb@[You must be registered and logged in to see this link.] [ /www.visitor-track ]
C:\Documents and Settings\BCB\Cookies\bcb@www3.addfreestats[2].txt [ /www3.addfreestats ]
C:\Documents and Settings\BCB\Cookies\bcb@xiti[1].txt [ /xiti ]
C:\Documents and Settings\BCB\Cookies\bcb@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\BCB\Cookies\bcb@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Documents and Settings\BCB\Cookies\XB32BA2G.txt [ /at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\AMRKM6AW.txt [ /imrworldwide.com ]
C:\Documents and Settings\BCB\Cookies\SW34JD00.txt [ /ads.pointroll.com ]
C:\Documents and Settings\BCB\Cookies\DGE01A2J.txt [ /a1.interclick.com ]
C:\Documents and Settings\BCB\Cookies\OW9AJ3GF.txt [ /lucidmedia.com ]
C:\Documents and Settings\BCB\Cookies\FHQGU425.txt [ /c.atdmt.com ]
C:\Documents and Settings\BCB\Cookies\4IYTV9EJ.txt [ /findnsave.sacbee.com ]
C:\Documents and Settings\BCB\Cookies\BSJL0C3B.txt [ /adxpose.com ]
C:\Documents and Settings\BCB\Cookies\SGZ2EX4C.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\BCB\Cookies\P5B2A9VS.txt [ /ads.adultwebads.net ]
C:\Documents and Settings\BCB\Cookies\JBHNZOOU.txt [ /advertising.com ]
C:\Documents and Settings\BCB\Cookies\EHV58CFM.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\2RCXGZYD.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\354784MQ.txt [ /zedo.com ]
C:\Documents and Settings\BCB\Cookies\PJ0WDKP7.txt [ /pointroll.com ]
C:\Documents and Settings\BCB\Cookies\LVJY18A7.txt [ /tribalfusion.com ]
C:\Documents and Settings\BCB\Cookies\RH1BR3ZL.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\BCB\Cookies\F8Q8O3LT.txt [ /insightexpressai.com ]
C:\Documents and Settings\BCB\Cookies\C5NHM6C1.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\RA0AOWK3.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\VKW0L7NA.txt [ /survey.g.doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\3S7ZTAG6.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\6KU2PTLO.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\QVK258UP.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\2WCX1CY3.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\HCB4AD84.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\RICF4ZSW.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\GX6236ZZ.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\Z4OQ191S.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\ANXYIR0Z.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\2DA62X2F.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\E90C78V8.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\BK5JIRJS.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\LDFIWSDS.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\IT9UH1I6.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\VYVDKG7N.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\ZQSW8B6M.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\VCW6X5C7.txt [ /www.googleadservices.com ]
C:\Documents and Settings\BCB\Cookies\TQK7U9P0.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\R7TKUXG3.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\JDHALWFC.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\FV0MVQRK.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\ZHDB8IL5.txt [ /ad.360yield.com ]
C:\Documents and Settings\BCB\Cookies\X9GZ20UT.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\BGQE1R2L.txt [ /ar.atwola.com ]
C:\Documents and Settings\BCB\Cookies\YS9UISIY.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\0JK6DFAQ.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\4C54UY5E.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\02B561PJ.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\6OJ59MBR.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]
C:\Documents and Settings\BCB\Cookies\QVUSXH0R.txt [ /stats.townnews.com ]
C:\Documents and Settings\BCB\Cookies\JNB0BVUN.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\BCB\Cookies\NE4SAKNV.txt [ /earthlink.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\KVR9MW7S.txt [ /kontera.com ]
C:\Documents and Settings\BCB\Cookies\9ZJIOFWK.txt [ /clickorlando.com ]
C:\Documents and Settings\BCB\Cookies\PV1X47G2.txt [ /gntbcstglobal.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\I1BF3VQO.txt [ /rtst.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\6CPQBJRQ.txt [ /www.clickorlando.com ]
C:\Documents and Settings\BCB\Cookies\H599CV5W.txt [ /ads.gainesvilletimes.com ]
C:\Documents and Settings\BCB\Cookies\AA3LVW9N.txt [ /countrymusic.about.com ]
C:\Documents and Settings\BCB\Cookies\58WSV02I.txt [ /mycountdown.org ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\IBUTFFT1.txt [ Cookie:bcb@4.docs.google.com/comments/d/AAHRpnXto8RlTI8e-uP8k25Ll2y6TJR12tk_ITTUgseXMKDZztbuAOIXCoQ_29yiT8oWtiwnQNRZQ17tOFgKZHyxu8j7e0oX0aRtTuuOLk8ul8MBJp0eVdh1hZwc9Wk0zzXO36XZgbBJe ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\D45T22TO.txt [ Cookie:bcb@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\JZWDK2YR.txt [ Cookie:bcb@raproducts.org/click/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\35IB4D6E.txt [ Cookie:bcb@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\DH01I0U4.txt [ Cookie:bcb@[You must be registered and logged in to see this link.] ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyaocjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmiumcpefp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4elc5kfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.earthlink.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VBLRHRP5 ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP3\A0000282.EXE

by **Superdave** on Sun 26 Aug 2012, 6:39 am

The OTL fix wasn't done correctly. Please go back and review the instructions to run the fix.

by Hobo on Sun 26 Aug 2012, 7:05 am

My mistake. I clicked 'Run Scan' instead of 'Run Fix'.

Below is the Run Fix log:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08252012_140043

by Sponsored content Today at 11:15 pm

espeak911 colexity777 37.220.36.44

espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44

Re: espeak911 colexity777 37.220.36.44