OTL logfile created on: 10/1/2010 9:16:14 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\debra\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 177.99 Gb Free Space | 59.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SELF-29AB0C6D32
Current User Name: debra
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\debra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\LSICim\javaserv.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\debra\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe File not found
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File not found
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (LSICIMProvider) -- C:\Program Files\LSICim\javaserv.exe ()
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Norton AntiVirus Server) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100730.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100730.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (PCGenFAM) -- C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Pnp680r) -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys (Silicon Image, Inc)
DRV - (UBFWNet) -- C:\WINDOWS\system32\drivers\ubfwnet.sys (Unibrain S.A.)
DRV - (ubohci) -- C:\WINDOWS\system32\drivers\ubohci.sys (Unibrain S.A.)
DRV - (ubumapi) -- C:\WINDOWS\system32\drivers\UBUMAPI.sys (Unibrain S.A.)
DRV - (ubsbm) -- C:\WINDOWS\system32\drivers\UBSBM.sys (Unibrain S.A.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)
DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SoC PC-Camera Service) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
DRV - (NAVAPEL) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.0.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/27 15:42:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 10:59:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/26 10:43:59 | 000,000,000 | ---D | M]
[2010/01/24 12:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Mozilla\Extensions
[2009/11/25 11:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/06 10:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Mozilla\Firefox\Profiles\xycdoetz.default\extensions
[2010/05/09 23:30:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\debra\Application Data\Mozilla\Firefox\Profiles\xycdoetz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/11 12:35:11 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\debra\Application Data\Mozilla\Firefox\Profiles\xycdoetz.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2010/09/26 10:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 17:47:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/05/18 11:19:12 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/09/24 17:47:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirements ... b_srlx.cab (System Requirements Lab Class)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/doc/NeroVersionCheckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0262021093 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\debra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\debra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/19 21:20:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 11:47:50 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/10/01 21:07:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\OTL.exe
[2010/10/01 15:54:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/01 15:54:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/01 15:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/30 17:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\Desktop\tdsskiller
[2010/09/26 11:03:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/26 10:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/26 08:09:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/26 08:07:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/26 08:07:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/26 08:07:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/26 08:07:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/26 08:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/26 08:06:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/26 08:01:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\TFC.exe
[2010/09/25 17:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\My Documents\mikes work
[2010/09/25 16:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/12 11:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2010/09/07 09:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/09/07 09:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2010/09/06 10:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/08/31 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/08/28 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/27 18:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010/08/16 11:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/16 11:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/08 12:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/08 12:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/08/08 12:51:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/08/08 11:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/05 17:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/05 15:37:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/08/01 11:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/01 11:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/27 16:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\Application Data\Broderbund
[2010/07/27 15:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/20 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/20 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/20 12:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/11 12:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Billeo
[2010/07/08 17:07:24 | 000,083,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/08 17:07:24 | 000,073,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/08 17:07:06 | 000,000,000 | ---D | C] -- C:\VirDefs
[2010/07/08 06:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/07 16:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/07 15:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2010/07/07 15:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/07/07 14:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\Local Settings\Application Data\Real
[2010/07/07 14:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/07/07 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/07 14:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/07 14:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debra\Application Data\Real
========== Files - Modified Within 90 Days ==========
[2010/10/01 21:15:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-492894223-682003330-1003.job
[2010/10/01 21:15:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-492894223-682003330-1003.job
[2010/10/01 21:07:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\OTL.exe
[2010/10/01 21:05:57 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\debra\Desktop\traceroute_malwarebytes_cdn.exe
[2010/10/01 20:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/01 20:19:39 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{10F31AF9-7D8F-44B2-935E-1AEE982D53D5}.job
[2010/10/01 15:54:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 15:53:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/01 15:51:00 | 000,000,060 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/10/01 15:50:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 15:50:13 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010/10/01 15:50:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/01 15:50:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 15:50:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 15:50:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 15:50:09 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 15:49:17 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\debra\ntuser.dat
[2010/10/01 15:49:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\debra\ntuser.ini
[2010/09/30 20:00:12 | 001,568,656 | -H-- | M] () -- C:\Documents and Settings\debra\Local Settings\Application Data\IconCache.db
[2010/09/30 19:59:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/30 17:07:00 | 001,206,412 | ---- | M] () -- C:\Documents and Settings\debra\Desktop\tdsskiller.zip
[2010/09/27 17:24:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\debra\Desktop\MBRCheck.exe
[2010/09/26 10:45:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/26 08:09:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/26 08:06:16 | 003,854,198 | R--- | M] () -- C:\Documents and Settings\debra\Desktop\ComboFix.exe
[2010/09/26 08:01:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\TFC.exe
[2010/09/24 15:02:14 | 000,000,314 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/09/22 17:04:55 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/22 15:30:03 | 000,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/22 15:30:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/21 17:49:21 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\stinger1010854.opt
[2010/09/16 19:30:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/15 16:43:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 09:57:18 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/09/02 17:27:27 | 000,613,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/02 17:27:27 | 000,526,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/02 17:27:27 | 000,095,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 07:14:41 | 000,000,096 | ---- | M] () -- C:\pwd_vault.dat
[2010/08/22 19:47:04 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\sales meeting agenda 8-23-10[1].doc
[2010/08/21 22:09:26 | 005,181,253 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\472a605c.scan
[2010/08/21 14:14:27 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/19 04:25:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/12 05:19:57 | 000,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 17:39:16 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\debra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 18:17:09 | 002,320,896 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\big poster.sig
[2010/07/27 16:34:40 | 000,012,984 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\Untitled.vi
[2010/07/27 16:34:27 | 000,000,023 | ---- | M] () -- C:\WINDOWS\VI20.set
[2010/07/27 16:02:42 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\debra\default.pls
[2010/07/27 15:41:45 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/12 16:58:26 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/07/08 17:06:22 | 000,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2010/07/08 17:06:22 | 000,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/08 17:06:22 | 000,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
========== Files Created - No Company Name ==========
[2010/10/01 21:05:57 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\debra\Desktop\traceroute_malwarebytes_cdn.exe
[2010/10/01 15:54:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 05:16:23 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/30 17:06:59 | 001,206,412 | ---- | C] () -- C:\Documents and Settings\debra\Desktop\tdsskiller.zip
[2010/09/27 17:24:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\debra\Desktop\MBRCheck.exe
[2010/09/26 08:09:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/26 08:09:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/26 08:07:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/26 08:07:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/26 08:07:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/26 08:07:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/26 08:07:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/26 08:06:16 | 003,854,198 | R--- | C] () -- C:\Documents and Settings\debra\Desktop\ComboFix.exe
[2010/09/22 17:04:55 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/07 09:43:43 | 000,000,544 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010/09/04 15:30:40 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-492894223-682003330-1003.job
[2010/08/23 07:14:41 | 000,000,096 | ---- | C] () -- C:\pwd_vault.dat
[2010/08/22 19:47:04 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\debra\My Documents\sales meeting agenda 8-23-10[1].doc
[2010/08/21 22:09:46 | 005,181,253 | ---- | C] () -- C:\Documents and Settings\debra\My Documents\472a605c.scan
[2010/08/16 11:51:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/08 14:05:52 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\debra\My Documents\stinger1010854.opt
[2010/07/28 04:37:58 | 002,320,896 | ---- | C] () -- C:\Documents and Settings\debra\My Documents\big poster.sig
[2010/07/27 16:34:40 | 000,012,984 | ---- | C] () -- C:\Documents and Settings\debra\My Documents\Untitled.vi
[2010/07/27 16:30:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\VI20.set
[2010/07/08 17:07:24 | 000,124,167 | ---- | C] () -- C:\WINDOWS\System32\SYMEVNT.386
[2010/07/07 14:26:25 | 000,000,314 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/07 14:26:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-492894223-682003330-1003.job
[2010/06/23 03:17:32 | 004,959,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/21 09:29:34 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/27 16:45:28 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/27 13:07:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/11/19 17:05:11 | 000,000,387 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2009/11/11 16:05:13 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/11/04 15:56:01 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/04 15:56:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/30 13:29:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 20:10:33 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\debra\Application Data\default.rss
[2009/09/05 11:04:01 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 10:38:54 | 000,000,060 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/08/31 09:41:49 | 000,241,713 | ---- | C] () -- C:\WINDOWS\System32\LsiNative.dll
[2009/08/31 09:41:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lsicimmsg.dll
[2009/08/30 16:39:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/08/30 16:28:27 | 000,000,021 | ---- | C] () -- C:\Program Files\Common Files\appop.log
[2009/08/22 21:54:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/30 21:17:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/07/04 10:07:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/06/14 22:18:32 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2009/06/02 20:25:38 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\debra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 12:00:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/01 11:49:24 | 000,013,270 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/28 11:22:18 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\debra\Application Data\Setup.txt
[2009/04/21 18:59:06 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/04/21 18:59:06 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/04/21 18:59:00 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/04/21 18:59:00 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/04/20 18:10:22 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/04/20 17:03:19 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\697C466700.sys
[2009/04/20 16:52:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/04/20 16:52:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/01/04 04:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/28 10:08:58 | 000,136,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2004/01/08 10:30:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2003/10/07 11:30:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/08/22 08:52:14 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2009/04/19 22:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2009/04/19 22:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/05/15 15:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/08/01 10:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/08/16 11:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/26 14:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/09/05 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/09/07 09:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/05/01 11:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/22 05:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2009/11/04 15:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/25 16:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/28 15:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/04/13 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/30 22:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/27 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Broderbund
[2010/07/08 06:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/18 11:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\E-centives
[2010/03/26 20:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Facebook
[2010/05/12 03:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\FileZilla
[2009/08/01 10:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\GetRightToGo
[2010/08/01 10:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Image Zone Express
[2009/06/14 22:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Leadertech
[2009/12/26 01:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\MP3Rocket
[2009/11/03 14:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Opera
[2010/02/12 18:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Research In Motion
[2009/04/28 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Simple Star
[2009/04/20 18:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Windows Desktop Search
[2009/08/09 22:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra\Application Data\Windows Search
[2010/10/01 15:53:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/01 15:50:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/10/01 15:50:13 | 000,000,544 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2010/10/01 20:19:39 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{10F31AF9-7D8F-44B2-935E-1AEE982D53D5}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/08/01 10:05:26 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/04/19 21:20:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/22 15:30:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/26 08:09:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/26 10:49:17 | 000,035,404 | ---- | M] () -- C:\ComboFix.txt
[2009/04/19 21:20:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/13 22:35:00 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/01 15:50:09 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/07/30 21:17:16 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/04/19 21:20:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/19 21:20:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/01 15:50:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/08/23 07:14:41 | 000,000,096 | ---- | M] () -- C:\pwd_vault.dat
[2010/05/10 14:27:15 | 000,000,984 | ---- | M] () -- C:\screensaverenabledisable.vbs
[2009/04/19 22:45:11 | 000,000,199 | ---- | M] () -- C:\setup.log
[2010/08/16 10:59:28 | 000,078,754 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_16.08.2010_10.58.50_log.txt
[2010/09/30 17:10:55 | 000,039,918 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_30.09.2010_17.08.57_log.txt
[2009/04/19 22:45:04 | 000,000,851 | ---- | M] () -- C:\tempbmm.iss
[2010/10/01 21:06:45 | 000,000,858 | ---- | M] () -- C:\traceroute_malwarebytes_cdn.txt
[2001/01/10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/07/08 17:10:38 | 000,098,673 | -H-- | M] () -- C:\_NavCClt.Log
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/04/19 21:20:11 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/08/08 09:51:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7eI179q.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/02/09 15:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2006/10/26 11:26:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2006/05/18 15:20:35 | 000,319,488 | ---- | M] (Nero AG / Nero Inc.) -- C:\WINDOWS\Nero PhotoShow.scr
[2009/02/06 20:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/04/19 01:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/19 01:58:49 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/19 01:58:49 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/19 21:20:36 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/19 21:25:30 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\debra\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/04/19 21:25:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/26 08:06:16 | 003,854,198 | R--- | M] () -- C:\Documents and Settings\debra\Desktop\ComboFix.exe
[2010/09/27 17:24:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\debra\Desktop\MBRCheck.exe
[2010/10/01 21:07:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\OTL.exe
[2010/09/26 08:01:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra\Desktop\TFC.exe
[2010/10/01 21:05:57 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\debra\Desktop\traceroute_malwarebytes_cdn.exe
< %PROGRAMFILES%\Common Files\*.* >
[2009/08/31 10:37:40 | 000,000,021 | ---- | M] () -- C:\Program Files\Common Files\appop.log
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2009/08/31 10:20:38 | 018,346,984 | ---- | M] (Nero AG) -- C:\Documents and Settings\debra\My Documents\InCDReader-5.9.4.0.exe
[2009/11/03 14:12:50 | 012,580,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\debra\My Documents\mm20enu.exe
[2009/11/03 21:49:25 | 002,808,639 | ---- | M] (movtowmv.com ) -- C:\Documents and Settings\debra\My Documents\movtowmv_setup.exe
[2009/11/03 14:10:52 | 002,110,781 | ---- | M] (Digital River) -- C:\Documents and Settings\debra\My Documents\movtrial.exe
[2009/08/31 10:12:20 | 406,903,544 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\debra\My Documents\Nero-7.11.10.0_all_update.exe
[2009/09/05 10:53:08 | 400,705,448 | ---- | M] () -- C:\Documents and Settings\debra\My Documents\Nero-9.4.13.2d_trial.exe
[2009/09/29 19:35:44 | 004,129,799 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\debra\My Documents\stinger1001624.exe
[2009/09/16 17:54:35 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\debra\My Documents\wmp11-windowsxp-x86-enu.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/04/19 21:25:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\debra\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/01 21:15:14 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\debra\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
[2008/04/14 08:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
[2010/05/24 00:05:43 | 000,359,936 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/10/01 15:49:17 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\debra\ntuser.dat
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2002/06/07 07:00:00 | 000,028,160 | ---- | M] (SEIKO EPSON CORP.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EPIBSR30.EXE
[2002/12/13 09:57:00 | 000,414,976 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
[2003/06/27 10:00:06 | 000,038,400 | ---- | M] (SEIKO EPSON Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUTIX25.EXE
[2003/01/14 07:00:00 | 000,151,552 | ---- | M] (SEIKO EPSON CORP.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DMSG00.EXE
[2003/01/09 08:00:00 | 000,144,384 | ---- | M] (SEIKO EPSON CORP.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DPPE03.EXE
[2002/07/01 05:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S00RP1.EXE
[2003/02/14 07:06:00 | 000,105,984 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10MT1.EXE
[2003/02/14 07:04:00 | 000,077,312 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10RN1.EXE
[2003/05/19 06:11:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S1T0A1.EXE
[2003/07/08 06:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
[2003/05/16 07:13:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SIINS1.EXE
[2002/12/11 05:03:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2010/07/27 15:42:23 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\annabelle.rpv
[2010/07/27 15:42:23 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\cosmicbelt.rpv
[2010/07/27 15:42:23 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\fire.rpv
[2010/07/27 15:42:23 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\freqbands.rpv
[2010/07/27 15:42:23 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\nebula.rpv
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< %ProgramFiles%\Microsoft\*.* >
< %systemroot%\usgwmt\*.* >
< %ProgramFiles%\B\*.* >
< %SYSTEMDRIVE%\lspp\*.* >
< %systemroot%\Kral\*.* >
< %SYSTEMDRIVE%\windowsdvd.exe\*.* >
< %systemroot%\system32\*.ipo >
< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >
< %systemroot%\system32\*.mof >
[2009/07/16 10:30:06 | 000,000,789 | ---- | M] () -- C:\WINDOWS\system32\winrmprov.mof
< %systemroot%\*.atm >
< %systemroot%\system32\svhost\*.* >
< %ProgramFiles%\system32\*.* >
< %ProgramFiles%\Docmentt\*.* >
< %systemroot%\Help\*.vbs >
< %ProgramFiles%\Windows WinSxs\*.* /s >
< %ProgramFiles%\Outlook Express\IDT\*.* /s >
< %ProgramFiles%\Microsoft Office\365\*.* /s >
< %ProgramFiles%\Windows Live\*.* >
< %systemroot%\system32\win32\*.* >
< %SYSTEMDRIVE%\RECYCLER\*.* >
< %systemroot%\Fresh1\*.* >
< %ProgramFiles%\Kekj\*.* /s >
< %systemroot%\GDU\*.* >
< %systemroot%\KA\*.* >
< %systemroot%\R\*.* >
< %systemroot%\system32\*.fyo >
< %USERPROFILE%\System\*.* >
< %systemroot%\Source\*.* >
< %systemroot%\system32\ac\*.* >
< %ProgramFiles%\MSDN\*.* >
< %AppData%\AdobeUM\winvcldll54\*.* /s >
< %ProgramFiles%\Internet Explorer\*.ico >
< %systemroot%\system32\*.ojo >
< %systemroot%\system32\d323s\*.* >
< %systemroot%\system32\re\*.* >
< %UserProfile%\Microsoft\*.dll >
< %UserProfile%\Microsoft\*.log >
< %systemroot%\Bios\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-01 09:19:41
========== Files - Unicode (All) ==========
[2010/05/02 19:59:50 | 000,000,000 | ---D | M](C:\Documents and Settings\debra\Application Data\???????sAppData) -- C:\Documents and Settings\debra\Application Data\敎潲䍄敔灭慬整sAppData
[2010/05/02 19:59:50 | 000,000,000 | ---D | M](C:\Documents and Settings\debra\Application Data\???????sAppData) -- C:\Documents and Settings\debra\Application Data\敎潲䍄敔灭慬整sAppData
(C:\Documents and Settings\debra\Application Data\???????sAppData) -- C:\Documents and Settings\debra\Application Data\敎潲䍄敔灭慬整sAppData
< End of report >