espeak911 colexity777 37.220.36.44

**Hobo** · **Hobo** on 20th August 2012, 1:25 am

Malware attempts to connect to one of the following three sites about once or twice every minute: espeak911.com/x/ , colexity777.com/x/ , 37.220.36.44/x/ . So far Trend Micro Titanium has been able to block these attempts.

The malware does not allow me to go to google.com or do any searches on sites that use Google.

Toshiba Satellite laptop running Win XP. IE8. SpyHunter4 downloaded only to scan for problems.

Problems began about two days ago.

OTL

OTL logfile created on: 8/19/2012 6:12:28 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.73% Memory free
2.58 Gb Paging File | 1.97 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.03 Gb Free Space | 8.09% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: BCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:02:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL\OTL.com
PRC - [2012/07/22 09:43:39 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/07/11 14:58:22 | 005,076,416 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/04/26 13:26:14 | 000,266,240 | ---- | M] (FLIR Systems) -- C:\Program Files\FLIR Systems\QuickView\T3Mon.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 15:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/17 19:52:10 | 000,659,456 | ---- | M] () -- C:\Program Files\NETGEAR\WG511SCU\Utility\UIResource.dll
MOD - [2006/01/04 19:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 15:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 18:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/04/26 13:25:16 | 000,003,584 | ---- | M] () -- c:\Program Files\FLIR Systems\QuickView\Resources\T3Mon.En

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/14 13:45:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/02 14:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/12 05:14:08 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/12 05:13:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/07/12 05:13:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 07:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/05 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 07:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/22 09:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 09:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 09:45:10 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 16:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/07/22 09:44:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/05 03:15:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/22 09:43:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/09/10 01:06:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [T3Mon] C:\Program Files\FLIR Systems\QuickView\T3Mon.exe (FLIR Systems)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283916496671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD89D79-D72C-4FB1-95C4-33FDAF4732F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 17:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus
[2012/08/18 19:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpyHunter
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/18 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/18 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\DriverCure
[2012/08/18 19:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SpeedyPC Software
[2012/08/18 19:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpeedyPC Software
[2012/08/18 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/18 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/18 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/16 22:32:09 | 000,000,000 | ---D | C] -- C:\2012 Election
[2012/08/05 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\My Documents\Backup IE and Outlook Express
[2012/07/29 00:35:55 | 000,000,000 | ---D | C] -- C:\Barber Shop
[2012/07/22 09:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/07/22 09:44:11 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 18:12:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/19 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 14:37:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/19 11:56:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/19 11:56:28 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/19 11:56:28 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/19 11:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 11:56:17 | 2137,034,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 01:50:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/08/19 01:25:19 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:59:36 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:40:55 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:29:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/18 16:52:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/16 12:37:59 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 02:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 22:16:07 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/14 13:45:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 13:45:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/05 18:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/28 23:40:07 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/07/26 11:21:08 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/22 09:45:05 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/22 09:44:12 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 19:59:36 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:41:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/18 19:40:55 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:40:54 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/18 19:40:54 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:40:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/07/22 09:45:05 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/21 08:14:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/17 21:18:32 | 000,034,776 | ---- | C] () -- C:\WINDOWS\System32\ClientPropertyPageLIB.dll
[2012/05/17 21:16:58 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/05/17 21:16:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/05/17 21:16:55 | 012,033,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/05/17 21:16:54 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012/05/17 21:16:54 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/03/05 13:59:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/05/29 22:51:09 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/10 03:02:42 | 000,003,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2008/02/13 01:50:36 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/14 03:02:10 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat

>>>>> CONTINUED NEXT POST <<<<<

**Hobo** · **Hobo** on 20th August 2012, 1:25 am

>>>>> CONTINUED <<<<<

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/04 08:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/06/03 10:44:46 | 000,005,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys

< %systemroot%\System32\config\*.sav >
[2006/07/18 13:27:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/18 13:27:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/18 13:27:17 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/05/29 22:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\321Studios
[2012/03/03 11:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/07/19 20:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2009/05/03 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Architectural Energy Corporation
[2012/07/30 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/07/31 23:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect
[2012/08/18 19:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/18 20:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/01/19 17:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\DATA BECKER
[2006/08/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2008/06/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\DesktopDialer
[2012/05/17 21:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\DinoCapture 2.0
[2006/07/19 17:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2010/03/14 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Energy Conservatory
[2006/07/19 17:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2012/08/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/09/14 02:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/02/03 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2006/12/14 03:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\FLIR Systems
[2006/07/19 18:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/05/09 10:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/19 23:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro
[2006/07/19 20:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2012/05/17 21:16:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/14 02:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/08/16 02:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/12/14 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/09/02 15:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/12/30 10:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/19 17:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/17 21:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2006/07/19 19:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/03/12 21:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/19 20:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/03/26 19:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/07/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/07/19 20:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/09/10 03:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 20:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/24 01:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/26 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/07/18 20:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/07/18 20:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/11 00:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/05 22:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2009/03/12 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/07 19:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2006/07/18 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 02:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/09/24 20:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/08/13 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\PSD
[2006/07/19 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2008/09/01 12:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/07/22 09:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2010/06/17 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/24 01:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/02/13 01:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/01/31 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2008/08/15 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\SNC
[2012/08/18 19:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedyPC Software
[2011/03/05 15:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/07/19 16:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/12/14 03:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\ThermaCAM
[2006/08/17 11:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2006/07/19 17:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Games
[2012/03/05 13:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/07/18 20:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/31 18:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/07/19 20:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/07/19 17:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/06/14 21:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/12 09:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/07/18 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/07/18 20:35:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/19 14:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\WMV9_VCM
[2008/08/19 14:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Xara
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/11 15:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2006/07/18 13:28:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\BCB\Application Data\desktop.ini
[2010/09/08 23:34:36 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml

< MD5 for: AFD.SYS >
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 13:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 07:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 09:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 04:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 03:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/10 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 03:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 08:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 07:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 05:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 07:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/10 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 18:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/13 18:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/13 18:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 11:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 11:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2008/02/20 12:49:36 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=6333C7E182E5B6247500188D28214DEF -- C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
[2004/08/10 06:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
[2008/02/19 23:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=AAC8FFBFD61E784FA3BAC851D4A0BD5F -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/20 11:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/13 18:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/13 18:11:53 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2012/08/13 22:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2005/03/09 11:18:20 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=87D45DE924F9DEAE3886A270DE0097AA -- C:\WINDOWS\$NtUninstallKB902400$\es.dll
[2005/07/25 22:20:28 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=95F5FEA4C6DE2C3F28784D0DCC8F0DD3 -- C:\WINDOWS\$NtUninstallKB950974_0$\es.dll
[2012/08/08 14:30:14 | 000,008,728 | ---- | M] () MD5=99CDEC2E14B16630C1FC85682625BF45 -- C:\Program Files\Google\Chrome\Application\21.0.1180.77\Locales\es.dll
[2008/07/07 14:06:43 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=A4AB3DCA4A383F0DF4988ABDEB84F9A4 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2004/08/10 06:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS\$NtUninstallKB895200$\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\ERDNT\cache\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 14:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 14:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/10 06:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/13 18:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/13 18:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/10 06:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/10 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2005/08/22 12:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 12:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll
[2004/08/10 06:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtUninstallKB905414$\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/10 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/13 18:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 18:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004/08/10 06:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB895200$\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 04:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/25 22:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 13:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/03/09 11:18:21 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=E5F3AF7B092F23BA51E1F31096F12DC6 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SR.SYS >
[2008/04/13 12:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 12:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2004/08/10 06:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 18:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/10 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/04/20 05:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 04:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 10:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 04:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 11:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 13:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 13:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/10 06:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 06:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/10 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/13 18:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/13 18:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2004/08/10 06:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/10 06:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2008/04/13 18:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/13 18:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/10 06:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/13 18:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/13 18:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

**Hobo** · **Hobo** on 20th August 2012, 1:26 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 18:30:35
-----------------------------
18:30:35.328 OS Version: Windows 5.1.2600 Service Pack 3
18:30:35.328 Number of processors: 2 586 0xE08
18:30:35.328 ComputerName: TOSHIBA-USER UserName: BCB
18:30:36.421 Initialize success
18:31:03.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:31:03.640 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
18:31:03.640 Device \Driver\atapi -> DriverStartIo 8a7202e2
18:31:03.640 Disk 0 MBR read successfully
18:31:03.640 Disk 0 MBR scan
18:31:03.640 Disk 0 Windows XP default MBR code
18:31:03.640 Disk 0 MBR hidden
18:31:03.671 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
18:31:03.671 Disk 0 scanning sectors +156296385
18:31:03.750 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:14.265 Service scanning
18:31:33.546 Modules scanning
18:31:43.265 Disk 0 trace - called modules:
18:31:43.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7204b1]<<
18:31:43.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a708ab8]
18:31:43.281 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8a7aa510]
18:31:43.281 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a70c940]
18:31:43.296 \Driver\atapi[0x8a693a68] -> IRP_MJ_CREATE -> 0x8a7204b1
18:31:43.296 Scan finished successfully
18:32:53.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\MBR.dat"
18:32:53.031 The log file has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\aswMBR.txt"

**Hobo** · **Hobo** on 20th August 2012, 1:27 am

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
AOL Spyware Protection
SpyHunter
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
BCB Desktop Aug 2012 espeak911 virus SecurityCheck\SecurityCheck.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

**Superdave** · **Superdave** on 21st August 2012, 1:02 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The Security Check log shows that your AV is disabled. Please enable it now.
The log also show that you only have 8.09% free space on your hard drive. Windows require 15% or more to operate efficiently. You will need to free up more space(11 Gb). You can do this by transferring music, videos, pictures and other important data to an external harddrive or DVD's. You can use RW's because they are re-usable. You can also uninstall any programs no longer used or needed.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**Hobo** · **Hobo** on 21st August 2012, 11:03 pm

I am using a computer at the library to read your instructions and download any needed software. I will report back once I have completed your above instructions. Thank you.

**Hobo** · **Hobo** on 22nd August 2012, 3:45 pm

Installed SuperAntiSpyware. Did not appear to update from update file downloaded onto thumb drive from another computer.

NOTE - SuperAntiSpyware update file later found by Malwarebytes to be infected!!

Scan log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2012 at 11:46 PM

Application Version : 5.5.1012

Core Rules Database Version : 9098
Trace Rules Database Version: 6910

Scan type : Complete Scan
Total Scan Time : 03:22:17

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 35471
Registry threats detected : 0
File items scanned : 131882
File threats detected : 388

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\bcb@a.total-media[1].txt [ /a.total-media ]
C:\Documents and Settings\BCB\Cookies\bcb@ad-beta.thehill[1].txt [ /ad-beta.thehill ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.blockshopper[1].txt [ /ad.blockshopper ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.ench.kyodonews[1].txt [ /ad.ench.kyodonews ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.epochtimes[2].txt [ /ad.epochtimes ]
C:\Documents and Settings\BCB\Cookies\bcb@ad.telegraf[1].txt [ /ad.telegraf ]
C:\Documents and Settings\BCB\Cookies\bcb@ad1.adtitan[1].txt [ /ad1.adtitan ]
C:\Documents and Settings\BCB\Cookies\bcb@ad4.adfarm1.adition[2].txt [ /ad4.adfarm1.adition ]
C:\Documents and Settings\BCB\Cookies\bcb@adcentriconline[2].txt [ /adcentriconline ]
C:\Documents and Settings\BCB\Cookies\bcb@adecn[1].txt [ /adecn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.abovetopsecret[1].txt [ /ads.abovetopsecret ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.apn.co[2].txt [ /ads.apn.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.artsopolis[1].txt [ /ads.artsopolis ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.associatedcontent[2].txt [ /ads.associatedcontent ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.bleepingcomputer[1].txt [ /ads.bleepingcomputer ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.cnn[2].txt [ /ads.cnn ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.coastalcourier[2].txt [ /ads.coastalcourier ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.comcorpusa[1].txt [ /ads.comcorpusa ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.dixcom[1].txt [ /ads.dixcom ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.foodbuzz[1].txt [ /ads.foodbuzz ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.heraldnet[1].txt [ /ads.heraldnet ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.imgur[2].txt [ /ads.imgur ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.madeinwork[2].txt [ /ads.madeinwork ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.mail[1].txt [ /ads.mail ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.n-ws[1].txt [ /ads.n-ws ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.news-gazette[2].txt [ /ads.news-gazette ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.oregonnewsjournal[2].txt [ /ads.oregonnewsjournal ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pgatour[2].txt [ /ads.pgatour ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.pixiq[2].txt [ /ads.pixiq ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.react2media[2].txt [ /ads.react2media ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcmdb[1].txt [ /ads.tcmdb ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tcm[1].txt [ /ads.tcm ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.telegraph.co[1].txt [ /ads.telegraph.co ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thefrisky[1].txt [ /ads.thefrisky ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.thesmokinggun[1].txt [ /ads.thesmokinggun ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.tmnetads[1].txt [ /ads.tmnetads ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.trutv[1].txt [ /ads.trutv ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.wabi[2].txt [ /ads.wabi ]
C:\Documents and Settings\BCB\Cookies\bcb@ads.xtra[1].txt [ /ads.xtra ]
C:\Documents and Settings\BCB\Cookies\bcb@adserv.brandaffinity[1].txt [ /adserv.brandaffinity ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.clicklish[2].txt [ /adserver.clicklish ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.neworleans[2].txt [ /adserver.neworleans ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.nsadev[1].txt [ /adserver.nsadev ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver.whiznews[1].txt [ /adserver.whiznews ]
C:\Documents and Settings\BCB\Cookies\bcb@adserver2.news-journalonline[1].txt [ /adserver2.news-journalonline ]
C:\Documents and Settings\BCB\Cookies\bcb@advertising.goldseek[2].txt [ /advertising.goldseek ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.brighthouse[1].txt [ /adverts.brighthouse ]
C:\Documents and Settings\BCB\Cookies\bcb@adverts.timesofmalta[1].txt [ /adverts.timesofmalta ]
C:\Documents and Settings\BCB\Cookies\bcb@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\BCB\Cookies\bcb@allbritton.122.2o7[1].txt [ /allbritton.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@am-newyokmint-live.122.2o7[1].txt [ /am-newyokmint-live.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@amex-insights[1].txt [ /amex-insights ]
C:\Documents and Settings\BCB\Cookies\bcb@analytics.rogersmedia[1].txt [ /analytics.rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@apnonline.112.2o7[1].txt [ /apnonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@arkansasonline.112.2o7[1].txt [ /arkansasonline.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@asianmedia[2].txt [ /asianmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@atlanticmedia.122.2o7[1].txt [ /atlanticmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bannerads.forsythnews[2].txt [ /bannerads.forsythnews ]
C:\Documents and Settings\BCB\Cookies\bcb@banners.andomedia[2].txt [ /banners.andomedia ]
C:\Documents and Settings\BCB\Cookies\bcb@banners1.sninews[1].txt [ /banners1.sninews ]
C:\Documents and Settings\BCB\Cookies\bcb@bassproshops.122.2o7[1].txt [ /bassproshops.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@beacon.dmsinsights[1].txt [ /beacon.dmsinsights ]
C:\Documents and Settings\BCB\Cookies\bcb@beacons.hottraffic[1].txt [ /beacons.hottraffic ]
C:\Documents and Settings\BCB\Cookies\bcb@bellglobemediapublishing.122.2o7[1].txt [ /bellglobemediapublishing.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@biglots.112.2o7[1].txt [ /biglots.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@blethenmaine.112.2o7[1].txt [ /blethenmaine.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@bluemango.solution.weborama[2].txt [ /bluemango.solution.weborama ]
C:\Documents and Settings\BCB\Cookies\bcb@bonniercorp.122.2o7[1].txt [ /bonniercorp.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@brighthouse.122.2o7[1].txt [ /brighthouse.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@buycom.122.2o7[1].txt [ /buycom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@c.gigcount[1].txt [ /c.gigcount ]
C:\Documents and Settings\BCB\Cookies\bcb@canoe.112.2o7[1].txt [ /canoe.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@care2.112.2o7[1].txt [ /care2.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbcnewmedia.112.2o7[1].txt [ /cbcnewmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbsdigitalmedia.112.2o7[1].txt [ /cbsdigitalmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn1.trafficmp[1].txt [ /cdn1.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
C:\Documents and Settings\BCB\Cookies\bcb@centralmediaserver[2].txt [ /centralmediaserver ]
C:\Documents and Settings\BCB\Cookies\bcb@chicagosuntimes.122.2o7[1].txt [ /chicagosuntimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@click2houston[2].txt [ /click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@clickbooth[1].txt [ /clickbooth ]
C:\Documents and Settings\BCB\Cookies\bcb@clickondetroit[1].txt [ /clickondetroit ]
C:\Documents and Settings\BCB\Cookies\bcb@cmn.adbureau[2].txt [ /cmn.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@cms.trafficmp[1].txt [ /cms.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@csm.rotator.hadj7.adjuggler[2].txt [ /csm.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@dailyheraldpaddockpublication.112.2o7[1].txt [ /dailyheraldpaddockpublication.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@dmtracker[2].txt [ /dmtracker ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aek4sgczcao.stats.esomniture[2].txt [ /e-2dj6aek4sgczcao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekiqidjmgp.stats.esomniture[2].txt [ /e-2dj6aekiqidjmgp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekoslcjagp.stats.esomniture[2].txt [ /e-2dj6aekoslcjagp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekygkajidq.stats.esomniture[2].txt [ /e-2dj6aekygkajidq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykmazalp.stats.esomniture[2].txt [ /e-2dj6aekykmazalp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykoajwgq.stats.esomniture[1].txt [ /e-2dj6aekykoajwgq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekyukdpwep.stats.esomniture[2].txt [ /e-2dj6aekyukdpwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aelielczmlo.stats.esomniture[1].txt [ /e-2dj6aelielczmlo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aeliklcjwkp.stats.esomniture[2].txt [ /e-2dj6aeliklcjwkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wakokhdpidp.stats.esomniture[2].txt [ /e-2dj6wakokhdpidp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6walogjdzmfo.stats.esomniture[2].txt [ /e-2dj6walogjdzmfo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wamysod5gap.stats.esomniture[2].txt [ /e-2dj6wamysod5gap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wbliojdjedp.stats.esomniture[2].txt [ /e-2dj6wbliojdjedp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wckycgdzecq.stats.esomniture[2].txt [ /e-2dj6wckycgdzecq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wcl4woc5mdp.stats.esomniture[2].txt [ /e-2dj6wcl4woc5mdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdkiagcjako.stats.esomniture[2].txt [ /e-2dj6wdkiagcjako.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdlionazmkp.stats.esomniture[2].txt [ /e-2dj6wdlionazmkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdmigiazadp.stats.esomniture[2].txt [ /e-2dj6wdmigiazadp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4ehcpcgo.stats.esomniture[2].txt [ /e-2dj6wfk4ehcpcgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4qpc5mbp.stats.esomniture[2].txt [ /e-2dj6wfk4qpc5mbp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkicjazsho.stats.esomniture[1].txt [ /e-2dj6wfkicjazsho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkygjczogp.stats.esomniture[2].txt [ /e-2dj6wfkygjczogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkyuiczkbq.stats.esomniture[2].txt [ /e-2dj6wfkyuiczkbq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfliuldpieq.stats.esomniture[2].txt [ /e-2dj6wfliuldpieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoaicjokq.stats.esomniture[2].txt [ /e-2dj6wgkoaicjokq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoomdpgfq.stats.esomniture[2].txt [ /e-2dj6wgkoomdpgfq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4khazwbo.stats.esomniture[2].txt [ /e-2dj6wjk4khazwbo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4kidjklp.stats.esomniture[2].txt [ /e-2dj6wjk4kidjklp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4ojazkao.stats.esomniture[2].txt [ /e-2dj6wjk4ojazkao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4uldpikq.stats.esomniture[1].txt [ /e-2dj6wjk4uldpikq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkokic5wdp.stats.esomniture[2].txt [ /e-2dj6wjkokic5wdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkoqid5clp.stats.esomniture[1].txt [ /e-2dj6wjkoqid5clp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajcdo.stats.esomniture[2].txt [ /e-2dj6wjkyanajcdo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajwep.stats.esomniture[2].txt [ /e-2dj6wjkyanajwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkycic5gho.stats.esomniture[2].txt [ /e-2dj6wjkycic5gho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyckdpklo.stats.esomniture[2].txt [ /e-2dj6wjkyckdpklo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkygpd5efq.stats.esomniture[2].txt [ /e-2dj6wjkygpd5efq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkykjc5efp.stats.esomniture[2].txt [ /e-2dj6wjkykjc5efp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyknczwgo.stats.esomniture[2].txt [ /e-2dj6wjkyknczwgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqndzwlp.stats.esomniture[2].txt [ /e-2dj6wjkyqndzwlp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqpc5ieq.stats.esomniture[2].txt [ /e-2dj6wjkyqpc5ieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyundpadq.stats.esomniture[2].txt [ /e-2dj6wjkyundpadq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkywkczaeq.stats.esomniture[1].txt [ /e-2dj6wjkywkczaeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4cncpiap.stats.esomniture[2].txt [ /e-2dj6wjl4cncpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4eic5ogp.stats.esomniture[2].txt [ /e-2dj6wjl4eic5ogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4qjdzibp.stats.esomniture[2].txt [ /e-2dj6wjl4qjdzibp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliegcpmhp.stats.esomniture[2].txt [ /e-2dj6wjliegcpmhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlikgajgho.stats.esomniture[2].txt [ /e-2dj6wjlikgajgho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliohd5mhq.stats.esomniture[1].txt [ /e-2dj6wjliohd5mhq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlychczggp.stats.esomniture[2].txt [ /e-2dj6wjlychczggp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlyemdzwao.stats.esomniture[2].txt [ /e-2dj6wjlyemdzwao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiohdzkhp.stats.esomniture[2].txt [ /e-2dj6wjmiohdzkhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiumczcco.stats.esomniture[2].txt [ /e-2dj6wjmiumczcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmychajcdp.stats.esomniture[1].txt [ /e-2dj6wjmychajcdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1gczab.stats.esomniture[1].txt [ /e-2dj6wjny-1gczab.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1pcjml.stats.esomniture[1].txt [ /e-2dj6wjny-1pcjml.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyagc5gao.stats.esomniture[1].txt [ /e-2dj6wjnyagc5gao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyamczmcq.stats.esomniture[2].txt [ /e-2dj6wjnyamczmcq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycldjahq.stats.esomniture[2].txt [ /e-2dj6wjnycldjahq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycndzcco.stats.esomniture[2].txt [ /e-2dj6wjnycndzcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycoajacp.stats.esomniture[1].txt [ /e-2dj6wjnycoajacp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycocpodp.stats.esomniture[2].txt [ /e-2dj6wjnycocpodp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyegd5ekp.stats.esomniture[2].txt [ /e-2dj6wjnyegd5ekp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyejdjkcp.stats.esomniture[2].txt [ /e-2dj6wjnyejdjkcp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygldpoap.stats.esomniture[1].txt [ /e-2dj6wjnygldpoap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygmajmgo.stats.esomniture[2].txt [ /e-2dj6wjnygmajmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyonc5sko.stats.esomniture[2].txt [ /e-2dj6wjnyonc5sko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyooc5oeo.stats.esomniture[2].txt [ /e-2dj6wjnyooc5oeo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopaziko.stats.esomniture[2].txt [ /e-2dj6wjnyopaziko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopc5gco.stats.esomniture[2].txt [ /e-2dj6wjnyopc5gco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqgcpmgo.stats.esomniture[2].txt [ /e-2dj6wjnyqgcpmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqpc5ieo.stats.esomniture[2].txt [ /e-2dj6wjnyqpc5ieo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnywgcjgdq.stats.esomniture[2].txt [ /e-2dj6wjnywgcjgdq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoejcpofo.stats.esomniture[2].txt [ /e-2dj6wmkoejcpofo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoeoazweo.stats.esomniture[2].txt [ /e-2dj6wmkoeoazweo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4qjc5ocq.stats.esomniture[2].txt [ /e-2dj6wml4qjc5ocq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4ugcpiap.stats.esomniture[2].txt [ /e-2dj6wml4ugcpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wnmywpdpkeq.stats.esomniture[2].txt [ /e-2dj6wnmywpdpkeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@earthlink.122.2o7[2].txt [ /earthlink.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@edgeadx[2].txt [ /edgeadx ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-emmiscommunications.hitbox[2].txt [ /ehg-emmiscommunications.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-mgnlimited.hitbox[1].txt [ /ehg-mgnlimited.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@enterprisemediagroup.112.2o7[1].txt [ /enterprisemediagroup.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@entrepreneur[2].txt [ /entrepreneur ]
C:\Documents and Settings\BCB\Cookies\bcb@eveningpostdigital.112.2o7[1].txt [ /eveningpostdigital.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@ewstv.112.2o7[1].txt [ /ewstv.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@examinercom.122.2o7[1].txt [ /examinercom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@f.blogads[1].txt [ /f.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@f2network.112.2o7[1].txt [ /f2network.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@fim.122.2o7[1].txt [ /fim.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@find.myrecipes[1].txt [ /find.myrecipes ]
C:\Documents and Settings\BCB\Cookies\bcb@findarticles[2].txt [ /findarticles ]
C:\Documents and Settings\BCB\Cookies\bcb@findlinks.addresses[2].txt [ /findlinks.addresses ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.adn[2].txt [ /findnsave.adn ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.mercedsunstar[1].txt [ /findnsave.mercedsunstar ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.thenewstribune[1].txt [ /findnsave.thenewstribune ]
C:\Documents and Settings\BCB\Cookies\bcb@firsttracksonline[1].txt [ /firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@forum.rotator.hadj7.adjuggler[2].txt [ /forum.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@foxinteractivemedia.122.2o7[1].txt [ /foxinteractivemedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@friendquestions[1].txt [ /friendquestions ]
C:\Documents and Settings\BCB\Cookies\bcb@g.blogads[2].txt [ /g.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[1].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[2].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@generalelectric.112.2o7[1].txt [ /generalelectric.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@gsicace.112.2o7[1].txt [ /gsicace.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hammacher.112.2o7[1].txt [ /hammacher.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@harpo.122.2o7[1].txt [ /harpo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@haymarketbusinesspublications.122.2o7[1].txt [ /haymarketbusinesspublications.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@healthgrades.112.2o7[1].txt [ /healthgrades.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearst.112.2o7[1].txt [ /hearst.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@htmlgear.tripod[1].txt [ /htmlgear.tripod ]
C:\Documents and Settings\BCB\Cookies\bcb@hurricanetrack[1].txt [ /hurricanetrack ]
C:\Documents and Settings\BCB\Cookies\bcb@idfact.adservinginternational[2].txt [ /idfact.adservinginternational ]
C:\Documents and Settings\BCB\Cookies\bcb@idgenterprise.112.2o7[1].txt [ /idgenterprise.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@imagevenue.advertserve[2].txt [ /imagevenue.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@imrworldwide[1].txt [ /imrworldwide ]
C:\Documents and Settings\BCB\Cookies\bcb@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\BCB\Cookies\bcb@inl.adbureau[2].txt [ /inl.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@interchangecorporation.122.2o7[1].txt [ /interchangecorporation.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\BCB\Cookies\bcb@ipcmedia.122.2o7[1].txt [ /ipcmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@journalregistercompany.122.2o7[1].txt [ /journalregistercompany.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@jra.advertserve[1].txt [ /jra.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@kontera[1].txt [ /kontera ]
C:\Documents and Settings\BCB\Cookies\bcb@leeenterprises.112.2o7[1].txt [ /leeenterprises.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[10].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[11].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[8].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[9].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@lockedonmedia[2].txt [ /lockedonmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[3].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[4].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@magellan.highcountrync[1].txt [ /magellan.highcountrync ]
C:\Documents and Settings\BCB\Cookies\bcb@media.angelfire.lycos[1].txt [ /media.angelfire.lycos ]
C:\Documents and Settings\BCB\Cookies\bcb@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Documents and Settings\BCB\Cookies\bcb@media.theage.com[1].txt [ /media.theage.com ]
C:\Documents and Settings\BCB\Cookies\bcb@media.www.deltacollegian[2].txt [ /media.www.deltacollegian ]
C:\Documents and Settings\BCB\Cookies\bcb@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\BCB\Cookies\bcb@mediadecoder.blogs.nytimes[2].txt [ /mediadecoder.blogs.nytimes ]
C:\Documents and Settings\BCB\Cookies\bcb@mediaonenetwork[1].txt [ /mediaonenetwork ]
C:\Documents and Settings\BCB\Cookies\bcb@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@mlbam.112.2o7[1].txt [ /mlbam.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@molawyersmedia[1].txt [ /molawyersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@montgomeryadvertiser[1].txt [ /montgomeryadvertiser ]
C:\Documents and Settings\BCB\Cookies\bcb@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nandomedia.112.2o7[1].txt [ /nandomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@netcentral.advertserve[1].txt [ /netcentral.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@network.alluremedia.com[2].txt [ /network.alluremedia.com ]
C:\Documents and Settings\BCB\Cookies\bcb@newsday.122.2o7[1].txt [ /newsday.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@newsquestdigitalmedia.122.2o7[1].txt [ /newsquestdigitalmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nexstar.122.2o7[1].txt [ /nexstar.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@northjersey.112.2o7[1].txt [ /northjersey.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pajamasmedia[1].txt [ /pajamasmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pennwellcorp.112.2o7[1].txt [ /pennwellcorp.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pentonmedia.122.2o7[1].txt [ /pentonmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@piercecountyherald[3].txt [ /piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@premiumtv.122.2o7[2].txt [ /premiumtv.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@r.unicornmedia[1].txt [ /r.unicornmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@rainbowmedia.122.2o7[1].txt [ /rainbowmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@rogersmedia[1].txt [ /rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@samsclub.112.2o7[1].txt [ /samsclub.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoadmc.122.2o7[1].txt [ /saxoadmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoeverett.122.2o7[1].txt [ /saxoeverett.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxofosters.122.2o7[1].txt [ /saxofosters.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxotoledo.122.2o7[1].txt [ /saxotoledo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@skinsecretsexposed[2].txt [ /skinsecretsexposed ]
C:\Documents and Settings\BCB\Cookies\bcb@smokinggun.122.2o7[1].txt [ /smokinggun.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@sportingnews.122.2o7[1].txt [ /sportingnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stat.onestat[2].txt [ /stat.onestat ]
C:\Documents and Settings\BCB\Cookies\bcb@stateofgeorgia.122.2o7[1].txt [ /stateofgeorgia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stats-newyork1.bloxcms[3].txt [ /stats-newyork1.bloxcms ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.dallasnews[1].txt [ /stats.dallasnews ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.hostclear[1].txt [ /stats.hostclear ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.justhost[1].txt [ /stats.justhost ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.synapa[1].txt [ /stats.synapa ]
C:\Documents and Settings\BCB\Cookies\bcb@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\BCB\Cookies\bcb@stocks.advertserve[1].txt [ /stocks.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@stpetersburgtimes.122.2o7[1].txt [ /stpetersburgtimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tangomedia.112.2o7[1].txt [ /tangomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@thecountdownclock[2].txt [ /thecountdownclock ]
C:\Documents and Settings\BCB\Cookies\bcb@timeinc.122.2o7[1].txt [ /timeinc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@timesofindia.indiatimes[2].txt [ /timesofindia.indiatimes ]
C:\Documents and Settings\BCB\Cookies\bcb@torstardigital.122.2o7[1].txt [ /torstardigital.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.foxnews[2].txt [ /tracking.foxnews ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.hostgator[2].txt [ /tracking.hostgator ]
C:\Documents and Settings\BCB\Cookies\bcb@trackit.sitescout[2].txt [ /trackit.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@traffic.prod.cobaltgroup[1].txt [ /traffic.prod.cobaltgroup ]
C:\Documents and Settings\BCB\Cookies\bcb@tribuneinteractive.122.2o7[1].txt [ /tribuneinteractive.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trinitymirror.112.2o7[1].txt [ /trinitymirror.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@twc.rotator.hadj7.adjuggler[2].txt [ /twc.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@twctsg.122.2o7[1].txt [ /twctsg.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usatoday1.112.2o7[1].txt [ /usatoday1.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usnews.122.2o7[1].txt [ /usnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@vpmc.122.2o7[1].txt [ /vpmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@walmart.112.2o7[1].txt [ /walmart.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@webmasterplan[2].txt [ /webmasterplan ]
C:\Documents and Settings\BCB\Cookies\bcb@wpni.112.2o7[1].txt [ /wpni.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@www.3dstats[1].txt [ /www.3dstats ]
C:\Documents and Settings\BCB\Cookies\bcb@www.click2houston[1].txt [ /www.click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@www.firsttracksonline[2].txt [ /www.firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@www.piercecountyherald[1].txt [ /www.piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@www.seeclickfix[1].txt [ /www.seeclickfix ]
C:\Documents and Settings\BCB\Cookies\bcb@www.visitor-track[1].txt [ /www.visitor-track ]
C:\Documents and Settings\BCB\Cookies\bcb@www3.addfreestats[2].txt [ /www3.addfreestats ]
C:\Documents and Settings\BCB\Cookies\bcb@xiti[1].txt [ /xiti ]
C:\Documents and Settings\BCB\Cookies\bcb@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\BCB\Cookies\bcb@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Documents and Settings\BCB\Cookies\CLKDNZQR.txt [ /at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\AMRKM6AW.txt [ /imrworldwide.com ]
C:\Documents and Settings\BCB\Cookies\0JNUFLBS.txt [ /ads.pointroll.com ]
C:\Documents and Settings\BCB\Cookies\YQT14NC0.txt [ /a1.interclick.com ]
C:\Documents and Settings\BCB\Cookies\OEXR9DTC.txt [ /lucidmedia.com ]
C:\Documents and Settings\BCB\Cookies\DKU7UT6J.txt [ /c.atdmt.com ]
C:\Documents and Settings\BCB\Cookies\KV8K2OAZ.txt [ /findnsave.sacbee.com ]
C:\Documents and Settings\BCB\Cookies\BSJL0C3B.txt [ /adxpose.com ]
C:\Documents and Settings\BCB\Cookies\H3S983XE.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\BCB\Cookies\7J75M1ZH.txt [ /ads.adultwebads.net ]
C:\Documents and Settings\BCB\Cookies\MLZP9U29.txt [ /advertising.com ]
C:\Documents and Settings\BCB\Cookies\EHV58CFM.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\MIWVLFBY.txt [ /zedo.com ]
C:\Documents and Settings\BCB\Cookies\VH97S1L4.txt [ /pointroll.com ]
C:\Documents and Settings\BCB\Cookies\ZWA7KB2S.txt [ /tribalfusion.com ]
C:\Documents and Settings\BCB\Cookies\4XSW59P2.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\BCB\Cookies\HK7EOQQU.txt [ /insightexpressai.com ]
C:\Documents and Settings\BCB\Cookies\C5NHM6C1.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\DQKDC9PU.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\40E3QHFO.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\89YSJM8L.txt [ /burstnet.com ]
C:\Documents and Settings\BCB\Cookies\22SSNTTG.txt [ /network.realmedia.com ]
C:\Documents and Settings\BCB\Cookies\XUA1KXLT.txt [ /www.burstnet.com ]
C:\Documents and Settings\BCB\Cookies\SDODJWYR.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\TTBHUCXW.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\HEN3T7WS.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\G8IGRR48.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\XA32JZ42.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\I2CCLK7F.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\VVWC2W7K.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\EIASTTSX.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\JRGKBDG8.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\J2QW3FU5.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\5F62HV28.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\GRNJZLJ5.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\A83UDHJ9.txt [ /revsci.net ]
C:\Documents and Settings\BCB\Cookies\S9NFIXUS.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\PSC7NFMQ.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\39JRSRFM.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\4A0GVPUL.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\FX5XJRJZ.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\GHXVZY78.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\GBJH2GZI.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\S2TXIUC6.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\EUWZQYCW.txt [ /pro-market.net ]
C:\Documents and Settings\BCB\Cookies\N08DDUXN.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\JUHCZS7U.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\GK59DQDE.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\N2M7N696.txt [ /specificclick.net ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]
C:\Documents and Settings\BCB\Cookies\JNB0BVUN.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\BCB\Cookies\NE4SAKNV.txt [ /earthlink.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\I1BF3VQO.txt [ /rtst.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\H599CV5W.txt [ /ads.gainesvilletimes.com ]
C:\Documents and Settings\BCB\Cookies\AA3LVW9N.txt [ /countrymusic.about.com ]
C:\Documents and Settings\BCB\Cookies\58WSV02I.txt [ /mycountdown.org ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\2BU671Q0.txt [ Cookie:bcb@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\35IB4D6E.txt [ Cookie:bcb@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\DH01I0U4.txt [ Cookie:bcb@www.google.com/accounts ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyaocjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmiumcpefp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4elc5kfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.earthlink.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VBLRHRP5 ]

Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\TEMP\79B.TMP

**Hobo** · **Hobo** on 22nd August 2012, 3:52 pm

After scan completed was not able to follow instructions given. No choice to quarantine selected items. Only choices were "Manage Allowed Items", "View Scan Log", "Remove Threats", "Cancel".

Closed SuperAntiSpyware, rebooted and moved on to Malwarebytes.

Installed Malwarebytes but did not appear to update from update file downloaded to thumb drive on another computer.

Malwarebytes scan log below:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BCB :: TOSHIBA-USER [administrator]

8/22/2012 1:00:32 AM
mbam-log-2012-08-22 (01-00-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391263
Time elapsed: 3 hour(s), 19 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\SuperAntiSpyware\Updates\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

**Hobo** · **Hobo** on 22nd August 2012, 4:02 pm

NOTE

Phony antivirus program now resident on my laptop.

SpeedyPC Pro

Created August 18, 2012 7:40:55 PM
Has a desktop shortcut and appeared in tray before Malwarebytes deleted malicious files.

SpeedyPC Pro appears to still be installed on laptop. It is still included on the list of installed programs although it does not appear in my tray at the moment.

Malwarebytes does not appear to find anything suspicious about SpeedyPC Pro.

I will now await further instructions.

Also, I uninstalled SpywareHunter4 after completing the above steps.

**Hobo** · **Hobo** on 22nd August 2012, 4:27 pm

TrendMicro Titanium continues to block attempts to connect to several sites.

http://espeak911.com/x/
http://colexity777.com/x/
http://37.220.36.44/x/

These attempts have slowed down to about one attempt every two minutes as compared to two attempts per minutes earlier.

I took a photo of my laptop screen when the SpeedyPC Pro was running. How do I upload the photo so you can see it?