OTL logfile created on: 5/9/2010 8:06:48 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\(***edited to replace name***)\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 498.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.05 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 6.92 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 7.70 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MCCORMICKSERVER
Current User Name: (***edited to replace name***)
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ========== PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SMServer)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (iPAHelper.exe) -- C:\Program Files\iPod Access for Windows\iPAHelper.exe ()
========== Driver Services (SafeList) ========== DRV - (atapi) -- C:\WINDOWS\system32\drivers\tsk4F.tmp (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100331.034\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMTDI.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (MusCVideo) -- C:\WINDOWS\system32\drivers\MusCVideo.sys (Windows (R) 2000 DDK provider)
DRV - (MusCAudio) -- C:\WINDOWS\system32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ArcCD) -- C:\WINDOWS\system32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\system32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\Aspi32.sys (Adaptec)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/05/24 12:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/02/12 12:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/28 09:50:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 20:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 20:35:41 | 000,000,000 | ---D | M]
[2008/10/15 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Extensions
[2010/05/09 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions
[2010/01/21 17:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/01 16:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/29 19:02:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Mozilla\Firefox\Profiles\qw7fmekr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/05 20:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 18:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/02 18:47:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}-trash
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
O1 HOSTS File: ([2010/04/24 06:32:04 | 000,290,117 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
www.007guard.comO1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
www.008k.comO1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
www.00hq.comO1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
www.032439.comO1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
www.100888290cs.comO1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1
www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1
www.10sek.comO1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1
www.123topsearch.comO1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1
www.132.comO1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1
www.136136.netO1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1
www.163ns.comO1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9993 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E}
http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862}
https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://tradepressevents.webex.com/clie ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 18:57:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{197e51ff-4668-11df-bc44-000feaff05f4}\Shell\Install\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95eced93-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{95eced94-4bcc-11de-bbe1-000feaff05f4}\Shell\AutoRun\command - "" = J:\Amy.pps -- File not found
O33 - MountPoints2\{d39e6bae-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = J:\MI.exe -- File not found
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d39e6bb6-055e-11df-bc31-000feaff05f4}\Shell\AutoRun\command - "" = I:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/21 18:57:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 90 Days ========== [2010/05/09 19:58:17 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/05/06 14:02:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/05 21:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\SUPERAntiSpyware.com
[2010/05/05 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/02 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/30 21:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/30 21:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(***edited to replace name***)\Recent
[2010/04/30 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/29 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/29 21:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\tuning sine wavs
[2010/04/29 18:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Updater5
[2010/04/29 18:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/29 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/28 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/28 09:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/28 09:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/24 06:46:50 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/23 20:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/04/17 23:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/04/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 20:08:12 | 000,134,912 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys
[2010/04/17 20:08:12 | 000,036,224 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcCD.sys
[2010/04/17 20:08:12 | 000,007,680 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcRec.sys
[2010/04/14 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Desktop\2006 December
[2010/04/08 22:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/07 09:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/07 09:25:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/04 12:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Nero
[2010/04/04 07:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/04 07:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/04 07:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/04/03 18:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/03 10:24:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\FONTS
[2010/04/03 09:56:25 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2010/04/03 09:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/03/30 20:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/24 21:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\skypePM
[2010/03/24 21:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Skype
[2010/03/24 21:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TDSSKiller.exe
[2010/03/08 12:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 08:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Cucusoft
[2010/03/07 08:30:59 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/03/07 08:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\Cucusoft
[2010/02/25 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\AM Pro
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\GlobalSCAPE
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GlobalSCAPE
[2010/02/25 15:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/02/25 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Kindermusik Website
[2010/02/25 15:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2010/02/23 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/02/19 14:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/07/21 21:32:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 90 Days ========== [2010/05/09 19:58:17 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/05/09 19:57:10 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\NTUSER.DAT
[2010/05/09 19:56:49 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CKScanner.exe
[2010/05/09 19:56:14 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\tdsskiller.zip
[2010/05/09 19:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/09 14:26:40 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/05/08 23:48:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/08 21:52:19 | 000,061,238 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2010/05/08 21:51:13 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/08 21:51:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/08 21:50:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/08 21:33:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 21:33:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 06:37:40 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
[2010/05/07 06:37:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/07 06:37:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/07 06:37:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/07 06:37:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-100A1102}.dat
[2010/05/07 06:35:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\(***edited to replace name***)\ntuser.ini
[2010/05/06 21:44:42 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Graduation list.xls
[2010/05/06 20:37:18 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carrie Lynn McCormick Successful Vaults.xls
[2010/05/06 20:32:52 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/06 15:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/06 14:02:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/06 14:02:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\OTL.exe
[2010/05/05 21:44:44 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 21:16:57 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Access 2003.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 13:49:59 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:30:22 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/05/04 21:27:43 | 000,512,642 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 21:27:43 | 000,435,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 21:27:43 | 000,068,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 21:27:14 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 18:28:48 | 000,232,968 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 18:22:54 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:45 | 000,192,724 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/30 07:49:34 | 000,001,010 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 21:35:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:28 | 000,009,021 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:49:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 18:17:46 | 000,700,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 17:46:29 | 000,024,818 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/28 10:40:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 09:50:24 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:46:04 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/28 09:42:13 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/25 20:27:35 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 20:27:04 | 000,083,780 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 08:38:10 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:26 | 001,529,292 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:09 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:36 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 22:18:12 | 000,002,880 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/24 22:17:57 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CorelDRAW 12.lnk
[2010/04/24 16:27:15 | 000,054,706 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:46:40 | 000,371,492 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:46:25 | 000,023,440 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 13:45:33 | 000,385,991 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 09:13:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office Word 2003.lnk
[2010/04/24 09:11:21 | 000,040,648 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/24 09:03:54 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Paint Shop Pro 7.lnk
[2010/04/24 08:57:49 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/24 08:51:30 | 000,643,292 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010/04/24 06:47:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 06:39:38 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\mbam-setup.exe
[2010/04/24 06:32:19 | 000,005,108 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 22:04:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/23 22:04:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/23 20:52:56 | 001,826,200 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:34:43 | 000,138,447 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/20 10:08:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FaxMan
[2010/04/17 23:24:15 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:45 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\DivX Movies.lnk
[2010/04/17 20:29:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:36 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 20:09:24 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2010/04/17 13:19:45 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/17 08:23:12 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/15 21:49:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 09:39:35 | 000,065,475 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 21:05:21 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 10:06:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/14 10:05:00 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/13 20:54:48 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TurboTax 2009.lnk
[2010/04/13 18:27:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 17:54:19 | 000,004,422 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:24 | 040,673,792 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:44:06 | 040,729,600 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/12 13:02:06 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/07 09:25:14 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/04 07:54:26 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/04 07:41:46 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2010/04/04 07:17:15 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\inst.exe
[2010/04/04 07:17:14 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.sys
[2010/04/04 07:17:14 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.cat
[2010/04/04 07:17:14 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\pcouffin.inf
[2010/04/03 18:59:02 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 16:02:00 | 000,120,520 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2010/04/03 10:31:26 | 000,050,015 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Experiencing God.jpg
[2010/04/03 09:55:18 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/03 09:54:49 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/04/03 08:52:13 | 003,375,239 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-100A1102}.CDF
[2010/04/02 21:24:51 | 783,409,478 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Image.nrg
[2010/04/02 21:21:52 | 000,003,080 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CDBIDXL.DAT
[2010/04/02 21:21:52 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\TDBIDXL.DAT
[2010/04/02 20:13:51 | 000,021,857 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Audio1.nra
[2010/03/31 10:44:22 | 000,199,304 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\ExGod.jpg
[2010/03/30 20:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/26 20:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/26 13:52:03 | 000,011,213 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carl.gif
[2010/03/26 13:50:30 | 000,003,442 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\nophoto.gif
[2010/03/26 13:16:14 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Corel PHOTO-PAINT 12.lnk
[2010/03/26 13:14:57 | 000,183,292 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Robin2.jpg
[2010/03/26 13:14:42 | 000,153,211 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\bin1.jpg
[2010/03/24 21:34:26 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\(***edited to replace name***)\Desktop\TDSSKiller.exe
[2010/03/08 12:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/08 11:58:00 | 001,293,270 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\FPP Invoice #77 - Jackson to Kissimmee.pdf
[2010/03/08 11:58:00 | 000,688,156 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick Credit Authorization Form.pdf
[2010/03/08 11:58:00 | 000,302,243 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 15 Kissimmee to Jackson.pdf
[2010/03/08 11:58:00 | 000,302,142 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 9 Jackson to Kissimmee.pdf
[2010/03/07 16:09:21 | 003,226,659 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\DisneyTFShowcaseSchedule2010.pdf
[2010/03/07 08:31:02 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\Cucusoft iPod Video Converter Suite.lnk
[2010/03/05 19:58:00 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Super1Schedule2010.doc
[2010/03/04 11:24:25 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole Vault Information.xls
[2010/03/04 10:10:58 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole List.xls
[2010/03/02 21:00:49 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Old-to-Young.xls
[2010/03/01 22:32:06 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/03/01 22:32:06 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/03/01 16:04:54 | 000,012,816 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-100.xlsx
[2010/03/01 15:36:54 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\MailList.xls
[2010/03/01 15:22:11 | 000,012,791 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-110.xlsx
[2010/02/26 21:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\ironx86.sys
[2010/02/26 21:23:54 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.cat
[2010/02/26 21:23:54 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.inf
[2010/02/26 21:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/02/26 21:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/02/26 21:23:21 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/02/26 21:23:21 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/02/25 15:18:26 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Home.lnk
[2010/02/25 12:54:56 | 000,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/02/23 09:55:27 | 000,060,744 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\g2mdlhlpx.exe
[2010/02/19 14:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/14 17:35:01 | 000,019,961 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Mormal Female.jpg
[2010/02/14 17:33:06 | 000,020,084 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Trisomy 21.jpg
[2010/02/14 17:32:36 | 000,020,330 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Normal Female.jpg
[2010/02/14 17:32:11 | 000,020,330 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\trisomy21.jpg
[2010/02/14 17:28:32 | 000,028,767 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2-2.gif
[2010/02/12 20:29:52 | 000,023,945 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Klinefelter.jpg
[2010/02/12 20:25:20 | 000,029,202 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2.gif
[2010/02/12 20:22:18 | 000,025,020 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\800px-45,X.jpg
[2010/02/12 20:21:37 | 000,203,881 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\768px-Human_chromosomesXXY01.png
[2010/02/12 20:20:44 | 000,104,783 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_syndrome_translocation.png
[2010/02/12 20:20:34 | 000,104,034 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_Syndrome_Karyotype.png
[2010/02/12 20:20:19 | 000,096,451 | ---- | M] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Karyotype.png
[2010/02/12 12:45:24 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/02/12 12:44:55 | 000,643,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Cat.DB
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/05/09 19:56:45 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CKScanner.exe
[2010/05/09 19:56:13 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\tdsskiller.zip
[2010/05/06 20:41:01 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Graduation list.xls
[2010/05/06 14:02:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\yj4mz0op.exe
[2010/05/05 21:44:44 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/05 21:32:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/05 20:35:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/05 13:49:58 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xla
[2010/05/05 13:49:17 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\InchCalc.xls
[2010/05/04 21:26:32 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 18:22:54 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\HijackThis.lnk
[2010/04/30 21:24:36 | 000,192,724 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cc_20100430_212433.reg
[2010/04/30 21:22:12 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\CCleaner.lnk
[2010/04/29 21:35:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/29 21:35:49 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/29 20:02:22 | 000,015,493 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws.pdf
[2010/04/29 19:59:24 | 000,009,021 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.doc
[2010/04/29 18:03:33 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/04/29 17:46:19 | 000,024,818 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\AGPVC_Bylaws_Waiver_Appl_rev031410.pdf
[2010/04/28 09:50:30 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:29 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1202660629-682003330-1003.job
[2010/04/28 09:50:24 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/28 09:46:02 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/25 20:27:03 | 000,083,780 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Tax Exempt.PDF
[2010/04/25 20:18:00 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\G-Force Vault Club Membership Packet.doc
[2010/04/25 08:38:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Anti Gravity Pole Vault Club Bylaws.doc
[2010/04/25 08:36:23 | 001,529,292 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\PPVC_ABOUT_Membership.pdf
[2010/04/25 08:34:38 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Falmouth Track Club.doc
[2010/04/25 08:33:23 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\CTC Bylaws.doc
[2010/04/25 08:33:08 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\BYLAWS - Wisconsin Track Club.doc
[2010/04/25 08:32:45 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bylaws of the New Orleans Track Club.doc
[2010/04/25 08:32:35 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Squannacook Club Charter.doc
[2010/04/24 16:24:59 | 000,054,706 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea.jpg
[2010/04/24 13:44:00 | 000,385,991 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 143.jpg
[2010/04/24 13:44:00 | 000,371,492 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 144.jpg
[2010/04/24 13:44:00 | 000,023,440 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\download folder 145.jpg
[2010/04/24 09:10:29 | 000,025,540 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Formal.jpg
[2010/04/24 09:08:55 | 000,025,999 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Casual1.jpg
[2010/04/24 09:07:12 | 000,040,648 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Piano.jpg
[2010/04/24 09:05:58 | 000,056,202 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Bea-Tree.jpg
[2010/04/23 21:51:18 | 000,005,108 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/23 20:58:24 | 001,826,200 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Desktop\SmitfraudFix.zip
[2010/04/21 14:42:20 | 000,195,012 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\cat56-718.pdf
[2010/04/21 14:30:55 | 000,138,447 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0876.jpg
[2010/04/20 17:29:03 | 000,729,176 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0875.jpg
[2010/04/20 17:22:14 | 000,841,596 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\IMG_0874.jpg
[2010/04/17 23:24:18 | 000,000,492 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for (***edited to replace name***).job
[2010/04/17 23:24:15 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/04/17 23:24:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/17 20:29:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/17 20:28:35 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/17 13:19:44 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\mswk15.doc
[2010/04/15 09:39:35 | 000,065,475 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\UHC Insurance Card Copy.jpg
[2010/04/14 10:05:00 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\Application Data\default.rss
[2010/04/14 10:01:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:54:19 | 000,004,422 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2009 United Healthcare.csv
[2010/04/12 13:44:23 | 040,673,792 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.pps
[2010/04/12 13:37:57 | 040,729,600 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\2010 Graduates.ppt
[2010/04/09 10:33:28 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole and Flex.xls
[2010/04/07 09:25:14 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/04 07:54:26 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/04/03 18:59:02 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 10:31:16 | 000,050,015 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Experiencing God.jpg
[2010/04/03 09:55:18 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/03 09:54:49 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/04/02 20:13:51 | 000,021,857 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Audio1.nra
[2010/03/31 10:44:22 | 000,199,304 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\ExGod.jpg
[2010/03/26 13:52:03 | 000,011,213 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carl.gif
[2010/03/26 13:50:29 | 000,003,442 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\nophoto.gif
[2010/03/26 13:14:57 | 000,183,292 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Robin2.jpg
[2010/03/26 13:14:41 | 000,153,211 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\bin1.jpg
[2010/03/24 21:34:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/08 11:58:00 | 001,293,270 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\FPP Invoice #77 - Jackson to Kissimmee.pdf
[2010/03/08 11:58:00 | 000,688,156 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick Credit Authorization Form.pdf
[2010/03/08 11:58:00 | 000,302,243 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 15 Kissimmee to Jackson.pdf
[2010/03/08 11:58:00 | 000,302,142 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\March 9 Jackson to Kissimmee.pdf
[2010/03/07 16:09:14 | 003,226,659 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\DisneyTFShowcaseSchedule2010.pdf
[2010/03/07 08:30:59 | 000,094,854 | ---- | C] () -- C:\WINDOWS\System32\HKCU_GNU.reg
[2010/03/07 08:30:59 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010/03/07 08:30:59 | 000,002,004 | ---- | C] () -- C:\WINDOWS\System32\HKLM_GNU.reg
[2010/03/07 08:30:59 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/03/05 19:58:24 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Super1Schedule2010.doc
[2010/03/04 11:13:25 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Carrie Lynn McCormick Successful Vaults.xls
[2010/03/04 10:10:58 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole List.xls
[2010/03/01 15:41:02 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Old-to-Young.xls
[2010/03/01 15:30:37 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\MailList.xls
[2010/03/01 15:20:48 | 000,012,791 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-110.xlsx
[2010/03/01 15:20:38 | 000,012,816 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\McCormick 11-100.xlsx
[2010/02/25 15:18:26 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Home.lnk
[2010/02/23 10:25:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Pole Vault Information.xls
[2010/02/23 09:55:26 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\g2mdlhlpx.exe
[2010/02/14 17:35:01 | 000,019,961 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Mormal Female.jpg
[2010/02/14 17:33:06 | 000,020,084 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Trisomy 21.jpg
[2010/02/14 17:32:36 | 000,020,330 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Normal Female.jpg
[2010/02/14 17:28:32 | 000,028,767 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2-2.gif
[2010/02/12 20:29:52 | 000,023,945 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\Klinefelter.jpg
[2010/02/12 20:25:20 | 000,029,202 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\fs32-2.gif
[2010/02/12 20:24:57 | 000,020,330 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\trisomy21.jpg
[2010/02/12 20:22:17 | 000,025,020 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\800px-45,X.jpg
[2010/02/12 20:21:37 | 000,203,881 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\768px-Human_chromosomesXXY01.png
[2010/02/12 20:20:44 | 000,104,783 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_syndrome_translocation.png
[2010/02/12 20:20:33 | 000,104,034 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Down_Syndrome_Karyotype.png
[2010/02/12 20:20:18 | 000,096,451 | ---- | C] () -- C:\Documents and Settings\(***edited to replace name***)\My Documents\557px-Karyotype.png
[2009/12/31 10:55:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/07/14 08:24:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/04/08 12:56:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acmmzxr.dll
[2009/04/01 09:29:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/02/27 22:40:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/07 15:01:58 | 000,000,432 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/10 13:25:03 | 000,000,013 | ---- | C] () -- C:\WINDOWS\acmmzx.dll
[2008/11/10 13:31:49 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Zune.ini
[2008/11/10 13:31:49 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPhone.ini
[2008/11/10 13:31:49 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_AppleTV.ini
[2008/11/10 13:31:49 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\BEST_Add_mfra.ini
[2008/11/10 13:31:48 | 000,015,266 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_3GP.ini
[2008/11/10 13:31:48 | 000,006,503 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PSP.ini
[2008/11/10 13:31:48 | 000,003,057 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_iPod.ini
[2008/11/10 13:31:48 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PMP.ini
[2008/11/10 13:31:48 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_PPC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP2_QCIF_AAC.ini
[2008/11/10 13:31:48 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\BEST_Pro_Xbox.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AAC.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AMR.ini
[2008/11/10 13:31:48 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QCIF_AAC.ini
[2008/11/10 13:31:47 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\BEST_QT_3GPP_QVGA_AMR.ini
[2008/10/13 10:04:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/05 10:08:14 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/09/05 10:08:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/09/05 10:08:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/05 10:08:11 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/08/05 17:11:37 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/07/29 20:43:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/07/29 20:37:16 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/29 20:37:01 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll
[2008/07/29 20:34:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/07/29 20:34:55 | 000,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/07/29 20:34:55 | 000,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/07/29 20:34:55 | 000,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/07/29 20:34:55 | 000,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/07/29 20:34:55 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/07/29 20:34:55 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/07/29 20:34:55 | 000,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/07/29 20:34:55 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/07/29 20:34:55 | 000,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/07/29 20:34:55 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/07/29 20:34:55 | 000,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/07/29 20:34:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/07/29 20:34:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/07/29 20:29:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/07/29 20:29:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/29 20:29:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/28 15:15:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\atm.ini
[2008/07/24 16:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PRNTPARM.DLL
[2008/07/24 16:58:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmparm.dll
[2008/07/24 16:58:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2008/07/24 13:24:56 | 000,002,880 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/22 18:47:15 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
[2008/07/22 16:06:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2008/07/22 15:57:25 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2008/07/22 15:56:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2008/07/22 15:56:25 | 000,000,902 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/22 14:11:44 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/07/22 14:11:28 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/07/22 11:44:40 | 000,000,201 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008/07/22 11:44:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx7383.ini
[2008/07/22 11:44:36 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\sp3.dll
[2008/07/22 11:44:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx20.ini
[2008/07/22 11:44:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2008/07/22 11:44:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2008/07/21 21:33:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/21 21:33:15 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/07/21 21:33:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/21 21:32:42 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/07/21 21:32:42 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/07/21 21:31:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/07/21 20:49:08 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/07/21 20:11:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/21 20:11:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/21 19:32:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/18 14:59:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/17 13:59:45 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sfarkxt.dll
[2004/09/17 13:59:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\SFARKL.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[1996/09/17 08:37:06 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL
========== LOP Check ========== [2008/10/13 16:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad Muncher
[2008/08/14 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Findley Designs
[2009/02/07 12:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/02/25 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/08/05 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/07/28 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/05/19 20:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/11 20:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/07/25 09:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Purple Ghost Software, Inc
[2009/05/24 13:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/07/22 17:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/08 22:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/24 08:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneClone
[2008/07/24 13:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/20 17:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/12 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 22:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 17:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/08 10:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\AMPSoft
[2008/08/15 20:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\BitSpirit
[2008/07/30 07:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/07/29 16:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\FLVPlayer4Free
[2009/08/08 11:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\FontCreator
[2009/08/08 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Free&Easy Font Viewer
[2010/01/21 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GARMIN
[2010/02/25 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\GlobalSCAPE
[2008/07/28 20:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\LimeWire
[2008/11/10 13:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Moyea
[2008/08/05 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Obsidium
[2008/07/25 09:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Purple Ghost Software, Inc
[2008/07/22 17:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\ScanSoft
[2008/09/25 15:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\TypingMaster7
[2010/04/04 07:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\Vso
[2009/06/25 12:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\(***edited to replace name***)\Application Data\WebEx
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2005/04/13 17:27:06 | 014,876,672 | ---- | M] (Native Instruments GmbH) -- C:\Registration Tool.exe
[2001/11/05 08:30:50 | 000,165,376 | ---- | M] () -- C:\UNWISE.EXE
< MD5 for: AGP440.SYS >[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 18:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/30 16:45:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< %systemroot%\System32\config\*.sav >[2008/07/21 12:21:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/21 12:21:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/21 12:21:21 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >