Thank you for looking into this:
Here is the OTL Log:
OTL logfile created on: 12/15/2011 6:48:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.15% Memory free
4.85 Gb Paging File | 4.24 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.70 Gb Free Space | 61.31% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 64.32 Gb Free Space | 87.82% Space Free | Partition Type: NTFS
Computer Name: DADSAREA | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Dad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lock Folder XP\LFService.exe ()
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (Acunetix Ltd.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spamihilator\zlib1.dll ()
MOD - C:\Program Files\Spamihilator\sqlite3.dll ()
MOD - C:\Program Files\Lock Folder XP\LFService.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
========== Win32 Services (SafeList) ==========
SRV - (vsmon) -- File not found
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AcuWVSSchedulerv7) -- C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe (Acunetix Ltd.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (LFSys) -- C:\WINDOWS\system32\drivers\lf30xp.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.59.252.190:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.59.252.190:80
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1078081533-813497703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: acunetixwebscanner@attila.gerendi:1.0.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..network.proxy.backup.ftp: "121.10.120.214"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "121.10.120.214"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "121.10.120.214"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "121.10.120.214"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "193.116.157.195"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "193.116.157.195"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "193.116.157.195"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "193.116.157.195"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "193.116.157.195"
FF - prefs.js..network.proxy.ssl_port: 80
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/24 18:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/06 21:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/19 19:52:31 | 000,000,000 | ---D | M]
[2008/11/19 21:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2011/12/12 21:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions
[2010/03/01 18:24:15 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/12/06 17:20:48 | 000,000,000 | ---D | M] (Acunetix Web Scanner) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\5jk7z0zs.default\extensions\acunetixwebscanner@attila.gerendi
[2011/12/10 18:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 11:27:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/08/05 12:54:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/24 18:09:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/12/12 06:05:11 | 000,001,401 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 http://www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 http://www.statcounter.com.
O1 - Hosts: 69.72.252.254 http://www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 http://www.statcounter.com.
O3 - HKU\S-1-5-21-1078081533-813497703-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LFService] C:\Program Files\Lock Folder XP\LFService.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1078081533-813497703-725345543-1004..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\Dad\Start Menu\programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-813497703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6284CF7-85A7-4855-B87D-EF32FEAFF102}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 21:35:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/27 20:00:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{802f713b-dcdb-11e0-b743-001217539451}\Shell\open\command - "" = C:\WINDOWS\Explorer.exe -- [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/15 18:42:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/12/15 18:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/14 21:16:50 | 005,062,112 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Dad\Desktop\zaSetupWeb_101_065_000.exe
[2011/12/14 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Bookmarks
[2011/12/13 18:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/10 20:33:34 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/10 16:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tiny Personal Firewall 2005
[2011/12/10 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PFShared
[2011/12/10 16:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Tiny Firewall
[2011/12/10 16:44:33 | 004,297,552 | ---- | C] (Tiny Software ) -- C:\Documents and Settings\Dad\My Documents\tpf-6.5.92.exe
[2011/12/10 16:31:42 | 000,000,000 | ---D | C] -- C:\virus stuff
[2011/12/10 15:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/10 15:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/10 15:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/04 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
[2011/12/04 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/12/04 15:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2011/12/04 15:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Havij_new_1.15v_p0rtabl3
[2011/11/18 18:25:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent
[2009/04/26 18:32:55 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\ezplay.sys
[2009/04/26 18:32:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys
[2008/08/31 19:47:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2008/08/31 19:47:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/15 18:43:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\co0992rv.exe
[2011/12/15 18:42:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/12/15 18:19:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/14 21:41:29 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,452 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/12/14 21:41:29 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10031102}.rfx
[2011/12/14 21:41:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/14 21:41:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2011/12/14 21:41:29 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2011/12/14 21:16:51 | 005,062,112 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Dad\Desktop\zaSetupWeb_101_065_000.exe
[2011/12/13 22:20:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 19:56:25 | 002,377,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 18:16:34 | 000,001,284 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2011/12/13 16:41:47 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/13 16:38:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2011/12/12 22:05:22 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/12/12 21:32:02 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 21:30:55 | 000,024,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k
[2011/12/12 17:30:40 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 17:30:40 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/12 06:05:11 | 000,001,401 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/12 06:01:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 19:46:36 | 000,006,580 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/10 18:05:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/10 16:44:23 | 004,297,552 | ---- | M] (Tiny Software ) -- C:\Documents and Settings\Dad\My Documents\tpf-6.5.92.exe
[2011/12/10 16:34:20 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\4h32ql3b74d874
[2011/12/10 08:53:30 | 000,004,378 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4h32ql3b74d874
[2011/12/06 22:52:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\u0ff12t5vq0alc
[2011/12/06 22:52:56 | 000,014,792 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\u0ff12t5vq0alc
[2011/12/04 15:34:30 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/12/04 15:34:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/12/03 10:15:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/15 18:43:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\co0992rv.exe
[2011/12/13 22:20:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 16:38:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2011/12/10 17:35:12 | 000,024,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k
[2011/12/10 15:20:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/10 08:50:57 | 000,004,378 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\4h32ql3b74d874
[2011/12/10 08:50:57 | 000,004,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4h32ql3b74d874
[2011/12/06 19:23:02 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\u0ff12t5vq0alc
[2011/12/06 19:23:02 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u0ff12t5vq0alc
[2011/12/04 15:34:30 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/12/04 15:34:30 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2011/11/13 12:15:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/10/18 18:30:06 | 000,000,140 | -H-- | C] () -- C:\Documents and Settings\Dad\Application Data\lakerda1967.sys
[2011/10/18 18:30:05 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\docXConverter (3).ini
[2011/09/05 20:10:00 | 000,011,350 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\s5u64pg23774170bcv4al7ei4780nmvv373f65p8017a0ok
[2011/09/05 20:10:00 | 000,011,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s5u64pg23774170bcv4al7ei4780nmvv373f65p8017a0ok
[2011/09/04 20:54:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/04/18 20:00:18 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\1.gif
[2011/02/08 18:24:32 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\AutoGK.ini
[2010/11/01 19:47:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2010/10/17 19:23:16 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Autorun.vbs
[2010/08/26 22:03:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/03 21:28:32 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/01/26 20:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/11/09 15:21:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2009/10/23 19:14:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/10/05 15:09:42 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/08/03 03:42:08 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\lf30xp.sys
[2009/04/28 21:31:21 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2009/04/26 18:32:55 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.cat
[2009/04/26 18:32:55 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.inf
[2009/04/26 18:32:55 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ezplay.ini
[2009/04/26 18:32:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\inst.exe
[2009/04/26 18:32:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
[2009/04/26 18:32:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
[2009/03/17 21:50:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009/01/25 15:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 17:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/19 21:17:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/21 17:22:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/09/20 22:14:36 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/31 19:51:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/08/31 19:51:29 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2008/08/31 19:50:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/08/31 19:50:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-20021102}.dat
[2008/08/31 19:50:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2008/08/31 19:50:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
[2008/08/31 19:47:48 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2008/08/31 19:47:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/31 19:47:38 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2008/08/31 19:47:38 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2008/08/31 19:47:37 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/08/31 19:47:37 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2008/08/31 19:47:37 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2008/08/31 19:47:36 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/08/31 19:47:36 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/08/31 19:47:33 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/08/31 19:47:33 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/08/31 19:47:31 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2008/08/31 19:47:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2008/08/31 19:47:16 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000002.dat
[2008/08/31 19:47:16 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2008/08/31 19:46:08 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/08/31 19:42:34 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/08/31 16:25:20 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2008/08/31 16:25:20 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/08/30 23:05:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/30 22:29:40 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/30 22:29:40 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/30 22:29:40 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/30 22:29:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/30 22:29:40 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/30 22:29:40 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/30 22:29:40 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/30 22:29:40 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/30 22:29:40 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/30 22:29:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/30 22:29:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/30 22:29:40 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/30 22:29:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/30 22:29:40 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/30 22:29:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/30 22:29:40 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/30 22:28:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2008/08/30 22:26:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/08/30 21:42:55 | 000,006,580 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/08/30 21:42:55 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C281340229.sys
[2008/08/29 22:13:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/29 21:56:57 | 000,000,452 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/08/29 21:37:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/29 21:33:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/29 16:23:26 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/08/29 16:21:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/29 16:20:56 | 002,377,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/18 13:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/03/18 17:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 17:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264A9BB7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >