Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malware installed by getsoftprotection20.co.cc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

malware installed by getsoftprotection20.co.cc

Unread postby Alcidamas » September 28th, 2010, 2:50 pm

Hi Guys- My wife got redirected to getsoftprotection20.co.cc, which gave flashing warnings for all kinds of infections. She clicked on the button to "fix the problems". A search for files created shows the computer downloaded wmp11-windowsXP-x86-enu.exe at that time. We have no sound on the computer, so she did not request the program. It must have run, because it installed icons on the desktop and startup. I tried to uninstall WMP, but neither Control Panel nor RUN (script provided by MS) can uninstall. PrevX failed doesn't seem to be there anymore. Spybot ran but kept having "problems" with "included files". I tried System Restore for 1, 2, and 3 days back (it said there were restore points), but this too failed.

IBM says “Four vulnerabilities in Microsoft Windows Media Player could allow remote code execution. By creating a malicious .ASP file and enticing a user to click a link or open a file, an attacker could trigger a heap overflow through a malformed ASF stream and remotely execute unauthorized code with the privileges of the user.”
http://www.iss.net/threats/279.html

I have run other anti-spyware: Malaware, MS Malicious Software Removal. None of them flag the file I know was a bogus download.

Below are the HJT Log file and the HJT uninstall list. Thanks for your help.

Hijack this Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:06 PM, on 9/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\NMSU\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101706&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/learnmore/lea ... code=en-us
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: NMSU VPN Client.lnk = C:\Program Files\NMSU\VPN Client\vpngui.exe
O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NMSU\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Seagate Sync Service - Unknown owner - C:\Program Files\Seagate\Sync\SeaSyncServices.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 8175 bytes


UNINSTALL LIST
32 Bit HP CIO Components Installer
Acrobat.com
AOLIcon
Brother MFL-Pro Suite
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Digital Line Detect
Dragon NaturallySpeaking 9
EASEUS Partition Master 5.8.1 Home Edition
ELIcon
ExamView Assessment Suite
Finale NotePad 2008
Finale Reader 2010
Foxit PDF IFilter
Foxit Reader
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Update Helper
GTK+ Runtime 2.12.1 rev a (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
IomegaWare
ISO Recorder
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Learn2 Player (Uninstall Only)
LessonView
Malwarebytes' Anti-Malware
MathPlayer
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.10)
MPM
MSN Encarta Plus Support Files
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Netflix Movie Viewer
NetWaiting
PaperPort Image Printer
PC Pitstop Optimize 1.5
Picasa 3
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SnagIt 6
Sonic Activation Module
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
Steinberg Cubase LE 4
Steinberg HALionOne
Steinberg HALionOne Essential Set
SUPERAntiSpyware
Syncrosoft License Control
TeacherEXPRESS: Prentice Hall Pre-Algebra
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
VC 9.0 Runtime
VIA Platform Device Manager
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPN Client
Windows Defender Signatures
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Wise Disk Cleaner 5.33
WordPerfect Office 12
ZoneAlarm
Alcidamas
Active Member
 
Posts: 3
Joined: September 28th, 2010, 2:38 pm
Advertisement
Register to Remove

Re: malware installed by getsoftprotection20.co.cc

Unread postby peku006 » October 1st, 2010, 5:33 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware installed by getsoftprotection20.co.cc

Unread postby Alcidamas » October 1st, 2010, 2:52 pm

Hi Peku006--
Thanks for the help.

OTL Extras logfile created on: 10/1/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 2.31 Gb Free Space | 4.37% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.30 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 148.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 908.87 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1T1BT91
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FB}" =
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" =
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}" = Microsoft Office Outlook Connector
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" =
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DDDD2F85-CEE4-512D-BCBE-09AA6A0CD869}" =
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Ad-Aware SE Personal" =
"AddressBook" =
"Adobe AIR" =
"AudioPlugin.dll" =
"Branding" =
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Connection Manager" =
"CopyNow.dll" =
"DataPlugin.dll" =
"Dell Digital Jukebox Driver" =
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DXM_Runtime" =
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"ExamView Pro" = ExamView Assessment Suite
"Finale NotePad 2008" = Finale NotePad 2008
"Finale Reader" = Finale Reader 2010
"Fontcore" =
"Foxit Reader" = Foxit Reader
"GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"ICW" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IEData" =
"InfraRecorder" = InfraRecorder
"InstallShield Uninstall Information" =
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IomegaNT" = IomegaWare
"LessonView" = LessonView
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"MobileOptionPack" =
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MPlayer2" =
"NetMeeting" =
"OutlookExpress" =
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SchedulingAgent" =
"SnagIt6" = SnagIt 6
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Syncrosoft License Control" = Syncrosoft License Control
"TeacherEXPRESS: Prentice Hall Pre-Algebra" = TeacherEXPRESS: Prentice Hall Pre-Algebra
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.33
"WMCSetup" =
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Bee Dance" = Bee Dance
" CMP Grade 8" = CMP Grade 8
" CMP Transformation Tool" = CMP Transformation Tool
" FunTools" = FunTools
" Image Analysis Tool" = Image Analysis Tool
" Statistics Tool" = Statistics Tool
" StatTools" = StatTools
" Stretching and Shrinking" = Stretching and Shrinking
"Cognitive Tutor" = Cognitive Tutor
"Google Chrome" = Google Chrome
"Teachers Toolkit" = Teachers Toolkit
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2010 8:22:45 PM | Computer Name = D1T1BT91 | Source = Application Error | ID = 1000
Description = Faulting application infrarecorder.exe, version 0.50.0.0, faulting
module infrarecorder.exe, version 0.50.0.0, fault address 0x00022076.

Error - 8/13/2010 12:46:33 AM | Computer Name = D1T1BT91 | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\M4561414.CAB.
Verify that the file exists and that you can access it.

Error - 8/14/2010 3:38:23 PM | Computer Name = D1T1BT91 | Source = ESENT | ID = 490
Description = svchost (1372) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 8/31/2010 1:00:24 AM | Computer Name = D1T1BT91 | Source = ESENT | ID = 490
Description = svchost (1376) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 8/31/2010 1:00:24 AM | Computer Name = D1T1BT91 | Source = ESENT | ID = 439
Description = Catalog Database (1376) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.

Error - 9/1/2010 2:11:52 PM | Computer Name = D1T1BT91 | Source = MsiInstaller | ID = 11704
Description = Product: Sophos Anti-Virus -- Error 1704.An installation for Microsoft
Office Professional Edition 2003 is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 9/12/2010 9:09:37 PM | Computer Name = D1T1BT91 | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6500.5000, faulting
module unknown, version 0.0.0.0, fault address 0x312576b7.

Error - 9/13/2010 2:52:05 PM | Computer Name = D1T1BT91 | Source = Google Update | ID = 20
Description =

Error - 9/23/2010 10:55:26 PM | Computer Name = D1T1BT91 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 9/29/2010 1:34:37 AM | Computer Name = D1T1BT91 | Source = SophosAntiVirus | ID = 327687
Description = An attempt to re-initialize configuration subsystem failed because
the service is shutting down.

[ System Events ]
Error - 9/30/2010 8:12:09 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.

Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053

Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.

Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053

Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.

Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053

Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL


< End of report >

OTL logfile created on: 10/1/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 2.31 Gb Free Space | 4.37% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.30 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 148.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 908.87 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1T1BT91
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\NMSU\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Seagate Sync Service) -- C:\Program Files\Seagate\Sync\SeaSyncServices.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (CVPND) -- C:\Program Files\NMSU\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ZipToA) -- C:\WINDOWS\System32\ZipToA.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (srescan) -- C:\WINDOWS\System32\ZoneLabs\srescan.sys File not found
DRV - (MPFIREWL) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys File not found
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101706&l=dis
IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://lib.nmsu.edu/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.721
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 11:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 21:45:17 | 000,000,000 | ---D | M]

[2008/08/01 21:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2010/09/30 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions
[2010/05/04 06:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/21 17:30:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/09/15 12:39:01 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/09/10 12:41:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/26 18:39:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/15 09:30:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/18 18:45:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 07:43:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/19 12:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\piclens@cooliris.com
[2010/06/19 12:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\piclens@cooliris.com-trash
[2010/04/04 11:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\trackmenot@mrl.nyu.edu
[2010/09/30 21:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 22:27:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/04 01:34:42 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NMSU VPN Client.lnk = C:\Program Files\NMSU\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE (Iomega)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{890e7db4-1388-11df-9861-0016762c1bb9}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 12:40:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/09/28 12:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/28 12:30:28 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\James\Desktop\HJTInstall.exe
[2010/09/26 22:09:09 | 011,772,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\James\Desktop\windows-kb890830-v3.11.exe
[2010/09/26 17:18:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\James\Desktop\spybotsd162.exe
[2010/09/26 17:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\SUPERAntiSpyware.com
[2010/09/26 17:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/26 15:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/26 15:52:50 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\James\Desktop\SUPERAntiSpyware.exe
[2010/09/25 21:44:33 | 008,534,336 | ---- | C] (Mozilla) -- C:\Documents and Settings\James\Desktop\Firefox Setup 3.6.10.exe
[2010/09/25 20:09:21 | 000,787,000 | ---- | C] (Prevx) -- C:\Documents and Settings\James\Desktop\prevxcsifree.exe
[2010/09/24 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\New Folder (2)
[2010/09/21 23:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\camera
[2010/09/21 23:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\WMTools Downloaded Files
[2010/09/11 23:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010/09/11 23:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\driver junk
[2010/04/30 22:35:06 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Program Files\UnityWebPlayer.exe
[2010/01/11 13:52:54 | 000,564,064 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
[2010/01/06 00:31:55 | 078,812,208 | ---- | C] (MakeMusic) -- C:\Program Files\FinReaderWin.exe
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1028 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/01 12:40:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/10/01 12:11:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 12:08:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 12:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 12:07:50 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 06:35:26 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\James\NTUSER.DAT
[2010/10/01 06:35:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\James\ntuser.ini
[2010/09/29 23:00:00 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Daily.job
[2010/09/29 16:24:39 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Damaged Wheelchair.doc
[2010/09/29 16:15:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 12:42:35 | 000,366,080 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Fake Anti-virus.doc
[2010/09/28 12:35:33 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hijack this Log.doc
[2010/09/28 12:30:47 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\James\Desktop\HijackThis.lnk
[2010/09/28 12:30:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\James\Desktop\HJTInstall.exe
[2010/09/27 22:50:59 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\CONTACT WHIRLPOOL.doc
[2010/09/27 16:50:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/27 15:25:51 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Computer Reviews.doc
[2010/09/27 13:56:24 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\brother letter 2.doc
[2010/09/26 23:15:00 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\IBM on WPM Vulnerabilities.doc
[2010/09/26 23:14:22 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Report on Fake Antivirus program download.doc
[2010/09/26 22:48:14 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Fake Antivirus program download.doc
[2010/09/26 22:20:04 | 011,772,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\James\Desktop\windows-kb890830-v3.11.exe
[2010/09/26 18:37:41 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/26 18:37:41 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Spybot - Search & Destroy.lnk
[2010/09/26 17:20:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\James\Desktop\spybotsd162.exe
[2010/09/26 17:14:25 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/26 17:10:28 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3206230093-1823242880-2924292578-1006UA.job
[2010/09/26 17:10:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3206230093-1823242880-2924292578-1006Core.job
[2010/09/26 17:09:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 15:53:44 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\James\Desktop\SUPERAntiSpyware.exe
[2010/09/26 14:45:17 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\James\My Documents\System Restore incomplete.doc
[2010/09/26 14:45:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James\My Documents\~$stem Restore incomplete.doc
[2010/09/26 14:30:54 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ERROR--system could not be restored.doc
[2010/09/26 14:22:26 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ERROR--s.doc
[2010/09/26 13:57:33 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\James\My Documents\XP System Restore.doc
[2010/09/26 06:51:20 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 22:59:35 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Microsoft Security Bulletin MS10.doc
[2010/09/25 21:45:25 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/25 21:45:25 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/25 21:44:55 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\James\Desktop\Firefox Setup 3.6.10.exe
[2010/09/25 21:17:35 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/25 21:17:24 | 000,526,814 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/25 21:17:24 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/25 21:17:24 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/25 20:57:40 | 000,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2010/09/25 20:57:40 | 000,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/09/25 20:57:38 | 000,000,174 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/09/25 20:09:21 | 000,787,000 | ---- | M] (Prevx) -- C:\Documents and Settings\James\Desktop\prevxcsifree.exe
[2010/09/24 23:47:23 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt6.doc
[2010/09/24 23:27:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Long friends3.doc
[2010/09/24 20:45:31 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\James\Application Data\evplay.prf
[2010/09/24 20:45:11 | 000,003,687 | ---- | M] () -- C:\Documents and Settings\James\Application Data\evpro32.prf
[2010/09/24 20:14:21 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Breckwell Pellet Stove.doc
[2010/09/24 15:33:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-24-10.doc
[2010/09/23 23:36:26 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Long friends.doc
[2010/09/23 23:02:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt5.doc
[2010/09/23 22:40:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt4.doc
[2010/09/23 20:54:33 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt3.doc
[2010/09/23 20:53:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt2.doc
[2010/09/23 14:45:54 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt.doc
[2010/09/22 22:24:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relation1.doc
[2010/09/22 22:00:35 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Agreement.doc
[2010/09/22 16:33:58 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/22 14:59:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\flying dates and times.doc
[2010/09/22 14:56:35 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Buying tickets cheap.doc
[2010/09/22 14:47:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo 9-21-10.doc
[2010/09/22 14:07:21 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-22-10.doc
[2010/09/22 11:27:28 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relations.doc
[2010/09/22 11:16:31 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Ripoff.doc
[2010/09/21 23:39:30 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Formatting a Secondary Hard Drive.doc
[2010/09/21 23:17:04 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\FDA cutting corners.doc
[2010/09/21 12:16:02 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Brother Corporate Headquarters.doc
[2010/09/18 14:07:13 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo 9-14-10.doc
[2010/09/17 13:49:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Office Max.doc
[2010/09/16 23:48:33 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\James\My Documents\HP Knowingly Selling Extremely Defective Pavilion Elite PCs.doc
[2010/09/16 23:48:11 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Super Snake.doc
[2010/09/16 23:37:04 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ZT Affinity 7391Mi Desktop PC.doc
[2010/09/16 23:20:15 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\James\My Documents\RESCUECOM reliability ratings see Apple jump from 3rd to 2nd.doc
[2010/09/16 23:15:06 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\James\My Documents\reliable computers.doc
[2010/09/16 18:51:14 | 001,189,888 | ---- | M] () -- C:\Documents and Settings\James\My Documents\New sports car Ratings.doc
[2010/09/16 14:21:45 | 000,068,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/16 14:20:43 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/16 14:20:43 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/09/16 13:47:42 | 000,438,272 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Walking to Caesarea.doc
[2010/09/15 11:58:51 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Disability Insurance Benefit Payments IRS.doc
[2010/09/15 11:58:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James\My Documents\~$sability Insurance Benefit Payments IRS.doc
[2010/09/14 22:43:42 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\James\My Documents\picasa downgrade.doc
[2010/09/14 18:07:41 | 000,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 15:16:13 | 000,003,874 | ---- | M] () -- C:\Documents and Settings\James\Application Data\SAS7_000.DAT
[2010/09/13 14:20:19 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hello Donna.doc
[2010/09/13 13:49:53 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\I regret to say that I did pull cigarettes out the garbage.doc
[2010/09/12 17:59:01 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Jan Fell.doc
[2010/09/11 22:20:42 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ownloaded the driver package version V5.doc
[2010/09/11 16:11:00 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dear AA.doc
[2010/09/11 15:09:35 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James\My Documents\The airline has notified us of a change to your itinerary and they have.doc
[2010/09/09 17:38:11 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dr Sierra Note 9-8-10.doc
[2010/09/09 16:08:42 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\A Summer of Hummingbirds.doc
[2010/09/09 16:08:38 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Lives like Loaded Guns.doc
[2010/09/09 16:08:33 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\James\My Documents\The Viking in the Wheat Field.doc
[2010/09/09 15:19:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Uncontrolled Risk.doc
[2010/09/09 14:56:53 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Confessions of a Buddhist atheist.doc
[2010/09/08 19:47:30 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Broken dishwasher.doc
[2010/09/08 18:01:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dearborn income 2008.xls
[2010/09/08 17:57:19 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IRS letter Revised 9-8-10.doc
[2010/09/08 16:20:36 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo.doc
[2010/09/08 15:43:09 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\More IRS.doc
[2010/09/08 15:08:25 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hip Operation questions.doc
[2010/09/08 14:33:45 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Faubion note 9-8-10.doc
[2010/09/08 12:51:08 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Flight to FL.doc
[2010/09/07 21:25:25 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IRS letter.doc
[2010/09/07 15:03:41 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Barry Martin.doc
[2010/09/07 14:57:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Jackie Griffin NMSU Benefits Services.doc
[2010/09/06 23:23:19 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James\My Documents\todo 9-3-10.doc
[2010/09/06 23:22:08 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Lowes 7-23-10.doc
[2010/09/04 21:44:41 | 000,479,744 | ---- | M] () -- C:\Documents and Settings\James\My Documents\MASTRESSES.doc
[2010/09/04 17:54:37 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\James\My Documents\sears weedeaters.doc
[2010/09/01 18:12:57 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Tax liability For Long-Term Disability Insurance, 2008.doc
[2010/09/01 13:08:04 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ever to explain.doc
[1028 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/28 12:35:33 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Hijack this Log.doc
[2010/09/28 12:30:47 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\James\Desktop\HijackThis.lnk
[2010/09/27 15:21:09 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Computer Reviews.doc
[2010/09/27 13:56:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\brother letter 2.doc
[2010/09/26 23:14:21 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Report on Fake Antivirus program download.doc
[2010/09/26 23:13:07 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\IBM on WPM Vulnerabilities.doc
[2010/09/26 21:59:29 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Fake Antivirus program download.doc
[2010/09/26 21:26:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\CONTACT WHIRLPOOL.doc
[2010/09/26 18:37:41 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/26 18:37:41 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Spybot - Search & Destroy.lnk
[2010/09/26 17:14:25 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/26 14:45:17 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\James\My Documents\System Restore incomplete.doc
[2010/09/26 14:45:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James\My Documents\~$stem Restore incomplete.doc
[2010/09/26 14:22:42 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ERROR--system could not be restored.doc
[2010/09/26 14:22:26 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ERROR--s.doc
[2010/09/26 13:57:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\James\My Documents\XP System Restore.doc
[2010/09/25 22:45:33 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Microsoft Security Bulletin MS10.doc
[2010/09/25 21:45:25 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/25 21:45:25 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/25 21:17:18 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 20:37:37 | 000,366,080 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Fake Anti-virus.doc
[2010/09/24 23:18:20 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt6.doc
[2010/09/24 20:45:31 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\James\Application Data\evplay.prf
[2010/09/24 15:38:26 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Breckwell Pellet Stove.doc
[2010/09/24 15:28:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-24-10.doc
[2010/09/23 23:36:39 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Long friends3.doc
[2010/09/23 22:42:02 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt5.doc
[2010/09/23 22:36:31 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt4.doc
[2010/09/23 20:54:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt3.doc
[2010/09/23 14:47:15 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt2.doc
[2010/09/23 12:12:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt.doc
[2010/09/22 22:24:06 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relation1.doc
[2010/09/22 22:00:35 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Agreement.doc
[2010/09/22 14:59:18 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\flying dates and times.doc
[2010/09/22 14:51:19 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Buying tickets cheap.doc
[2010/09/22 14:07:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-22-10.doc
[2010/09/22 11:26:54 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relations.doc
[2010/09/21 23:30:06 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Formatting a Secondary Hard Drive.doc
[2010/09/21 19:59:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo 9-21-10.doc
[2010/09/21 19:44:01 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\FDA cutting corners.doc
[2010/09/21 11:43:21 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Long friends.doc
[2010/09/17 13:43:18 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Office Max.doc
[2010/09/16 23:48:11 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Super Snake.doc
[2010/09/16 23:37:04 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ZT Affinity 7391Mi Desktop PC.doc
[2010/09/16 23:20:14 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\James\My Documents\RESCUECOM reliability ratings see Apple jump from 3rd to 2nd.doc
[2010/09/16 23:14:02 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\James\My Documents\reliable computers.doc
[2010/09/16 22:21:47 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\James\My Documents\HP Knowingly Selling Extremely Defective Pavilion Elite PCs.doc
[2010/09/16 18:48:55 | 001,189,888 | ---- | C] () -- C:\Documents and Settings\James\My Documents\New sports car Ratings.doc
[2010/09/16 14:20:43 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/16 14:20:43 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/09/16 13:47:41 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Walking to Caesarea.doc
[2010/09/15 22:32:49 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo 9-14-10.doc
[2010/09/15 11:58:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James\My Documents\~$sability Insurance Benefit Payments IRS.doc
[2010/09/15 11:58:31 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Disability Insurance Benefit Payments IRS.doc
[2010/09/14 22:43:42 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\James\My Documents\picasa downgrade.doc
[2010/09/13 14:19:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Hello Donna.doc
[2010/09/13 13:23:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\I regret to say that I did pull cigarettes out the garbage.doc
[2010/09/12 17:32:05 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Jan Fell.doc
[2010/09/11 22:20:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ownloaded the driver package version V5.doc
[2010/09/11 17:47:53 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Brother Corporate Headquarters.doc
[2010/09/11 15:09:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James\My Documents\The airline has notified us of a change to your itinerary and they have.doc
[2010/09/09 16:01:27 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James\My Documents\The Viking in the Wheat Field.doc
[2010/09/09 15:27:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Lives like Loaded Guns.doc
[2010/09/09 15:25:24 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\A Summer of Hummingbirds.doc
[2010/09/09 15:04:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Uncontrolled Risk.doc
[2010/09/08 19:46:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Broken dishwasher.doc
[2010/09/08 17:47:38 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IRS letter Revised 9-8-10.doc
[2010/09/08 15:27:11 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\More IRS.doc
[2010/09/08 15:09:01 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Dr Sierra Note 9-8-10.doc
[2010/09/08 14:30:27 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Faubion note 9-8-10.doc
[2010/09/08 12:51:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Flight to FL.doc
[2010/09/07 20:46:51 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IRS letter.doc
[2010/09/06 17:49:53 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Confessions of a Buddhist atheist.doc
[2010/09/06 17:44:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo.doc
[2010/09/04 17:53:46 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\James\My Documents\sears weedeaters.doc
[2010/09/03 22:23:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Barry Martin.doc
[2010/09/03 13:25:56 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James\My Documents\todo 9-3-10.doc
[2010/09/02 15:08:21 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Damaged Wheelchair.doc
[2010/09/01 18:55:02 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Dearborn income 2008.xls
[2010/09/01 17:53:06 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Jackie Griffin NMSU Benefits Services.doc
[2010/09/01 17:44:37 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Tax liability For Long-Term Disability Insurance, 2008.doc
[2010/09/01 12:52:51 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ever to explain.doc
[2010/07/20 17:13:40 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/07/20 17:13:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/07/20 17:13:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/05/25 13:02:54 | 000,000,182 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2010/05/15 21:11:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2010/02/21 14:48:51 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2010/02/21 14:48:50 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2010/02/21 14:48:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2010/02/21 14:48:10 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/07/23 13:27:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/23 13:25:03 | 000,000,811 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/07/23 13:25:03 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/07/23 13:24:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/07/23 13:24:10 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/07/23 13:24:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/07/23 13:13:08 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/10/13 22:37:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PFP120JPR.{PB
[2008/10/13 22:37:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PFP120JCM.{PB
[2008/10/10 05:13:57 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008/09/29 21:17:34 | 000,014,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/17 22:39:54 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\James\Application Data\.googlewebacchosts
[2007/08/29 11:22:40 | 000,003,874 | ---- | C] () -- C:\Documents and Settings\James\Application Data\SAS7_000.DAT
[2007/08/29 10:55:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/08/16 22:07:45 | 000,139,288 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/31 23:56:14 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\127F6BE765.sys
[2007/01/27 18:40:01 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\James\Application Data\dvd.bmk
[2006/12/18 14:53:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/18 14:53:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/30 21:12:25 | 000,003,687 | ---- | C] () -- C:\Documents and Settings\James\Application Data\evpro32.prf
[2006/05/23 11:09:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/05/20 18:35:15 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/13 19:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/04/27 20:13:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/27 11:29:37 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/27 11:29:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\65E76B7F12.sys
[2006/04/22 15:15:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/17 08:20:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/17 08:14:37 | 000,000,174 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2006/04/17 08:08:12 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/17 07:42:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/17 07:41:58 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003130_.tmp.dll
[2004/08/10 11:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003162_.tmp.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Alcidamas
Active Member
 
Posts: 3
Joined: September 28th, 2010, 2:38 pm

Re: malware installed by getsoftprotection20.co.cc

Unread postby Alcidamas » October 1st, 2010, 6:47 pm

Hi Peku006--
Thanks again.

This is the GMER printout. I think the "abnormal termination" is because I stopped it and then closed Mozilla, then restarted it. Let me know if you need it done again.

Thanks,

James


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 16:41:45
Windows 5.1.2600 Service Pack 3
Running: 74tdgkmn.exe; Driver: C:\DOCUME~1\James\LOCALS~1\Temp\uwloapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB1E52534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB1E4C782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB1E6B6DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB1E52CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB1E65EB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB1E662A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB1E6F916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB1E52DF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB1E4D398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB1E6CFE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB1E6C93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB1E64DF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB1E6D93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB1E6DB44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB1E4CFAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB1E681CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB1E67DF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB1E6E8D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB1E6E208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB1E520F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB1E6F2A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB1E527DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB1E4D75C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB1E6EE12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB1E6C0C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB1E66F0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB1E66C86]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [C0, 2C, E5, B1, B4, 5E, E6, ...]
.text ntoskrnl.exe!_abnormal_termination + 21C 804E2888 1 Byte [AA]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 8 Bytes CALL 6256DBA3
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xBA2BFF80]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B1E55C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B1E55C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B1E55C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B1E55C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B1E353C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B1E57672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B1E55C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B1E57CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B1E574C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B1E4E2AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B1E4E60C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B1E4DD40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B1E4E41C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C370] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C370] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54480] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54970] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54930] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A526B0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C370] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\NMSU\VPN Client\cvpnd.exe[1716] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat B0A06D20
Device \FileSystem\Fastfat \Fat B09FF60A

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
Alcidamas
Active Member
 
Posts: 3
Joined: September 28th, 2010, 2:38 pm

Re: malware installed by getsoftprotection20.co.cc

Unread postby peku006 » October 2nd, 2010, 3:30 am

Hi James

do not see anything suspicious.......
Have you tried to uninstall WMP in Safe Mode

How to uninstall Windows Media Player 11 in Windows XP

Readme for Windows Media Player 11

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: malware installed by getsoftprotection20.co.cc

Unread postby muppy03 » October 5th, 2010, 6:57 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware