Help - Unable to launch IE or FF - unable to run DDS



Lfmgtc59
2011-05-07, 17:41
I am unable to launch IE or FF. Sometimes the window comes up blank and then immediately closes. Other times it may get to the point of asking to renew the last session or start at home, but this also closes.

I also have a suspicious program listed as "aaa" in my "control panel" - "Add or remove programs" that cannot be removed.

When I try to remove it it either errors out or freezes.

The latest updates of McAfee, Malwarebytes, SpybotSD, and TDSSKiller all run and say no problems were found.

I downloaded "DDS.SCR" onto a USB drive and copied to the desktop of the infected computer.

It would not run either by dblclicking or using Programs/run.

I was able to get it to run by renaming it to DDS.bat and dblclicking on the desktop.

The first time I ran it, it was still running after over twice the 3 minutes the instructions said it should run for, so I ended out of it with task manager.

The second time it just sat there with a blank window until I got a box that it was not responding and I ended the process.

The third time I ran it the text came up, but again it just sat there... so after some time I ended the process with task manager.

I rebooted the machine and tried to run it again... and again it opened a blank window, this time I let it sit for over 20 minutes - nothing happened, no text no nothing but a blinking cursor.

I ran it once more... This time I got the window, and the text, and it made it to the first set of ":" time markers...

http://forums.spybot.info/showthread.php?p=402979#post402979

Lfmgtc59
2011-05-08, 14:37
I received the below link to the following previous thread in response to my posting. Not sure who posted the link. KEN545 posted the original, as the copy shows.

IT IS IMPOSSIBLE THAT MY SOFTWARE IS ILLEGAL!!!!!!!

I bought this system directly from Dell! I have the original disks shipped with it.

PLEASE CONTINUE TO HELP!


Link posted:

ken545
Security Expert


Join Date: Nov 2005
Location: Darien, CT
Posts: 10,644

--------------------------------------------------------------------------------

Illegal software detected. This thread will be closed
__________________
Microsoft MVP Consumer Security 2007-2008-2009-2010

ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue

Just a reminder that threads will be closed if no reply in 3 days.

Lfmgtc59
2011-05-08, 14:45
KEN545

So how can I prove my software is legal?? As I said I bought this system direct from DELL.

As you can see the issue has gotten worse, now I have no access to the internet at all.

Thank You

Lee

Lfmgtc59
2011-05-08, 15:52
ken545
Security Expert


KEN545

My Autodesk licenses are all legal educational software downloaded from Autodesk's site and using authorization codes from Autodesk...

Lee

Join Date: Nov 2005
Location: Darien, CT
Posts: 10,644

--------------------------------------------------------------------------------

You appear to have an illegal copy of autodesk

Lfmgtc59
2011-05-08, 16:20
KEN545

I can provide original emails with authorization from Autodesk if that will help.

I will need some email address to forward them to.


Lee

ken545
2011-05-09, 18:12
Lee,

I posted that illegal software was detected, was waiting for your response and you never responded back so I closed the thread.


You will have to download this program to a clean computer and transfer by disk to the infected one, run and then post the log please, your master boot record is infected, transfer the log back by disk also to the good computer so I can see it and then we will attempt a repair

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Lfmgtc59
2011-05-09, 21:04
KEN545:

Sorry about the miscommunication. At the time you posted the illegal software alert, I thought we had taken care of the issue, so I really only checked back to say thank you. Unfortunately, the problem seemed to come back and get worse, which is when I found the illegal software issue...

Anyway I really appreciate the assistance as this is quite beyond me. By running the "fixmbr" I was able to get control of my security software and having run complete scans with McAfee, SpybotSD, Malwarebytes, and IObit Security 360, I was able to apparently neutralize some of the issues enough to get my IE back... However, the issue persists and has seemingly caused "re-boots" and is regularly requiring me to go through the 4 - 5 hr process of re-scanning to get the IE and email back...

OK...

I downloaded the combofix as instructed in the webmaster (see below). I saved it under a new name "combo_fix-2x" to the desktop.

When I ran it, it launched a progress bar. That completed and closed. Next I received a box with the disclaimer on purchased products and terms. I answered in the affirmative.

That is all that happened. It sat a good 20 minutes or so...

Next I found your post concerning downloading aswMBR.exe. I tried to download it but was sent to the following link:

http://public.avast.com/~gmerek/aswMBR.exe

Which had the following message with a Google screen:

404. That’s an error.
The requested URL /~gmerek/aswMBR.exe was not found on this server. That’s all we know.

I know this is a real pain -believe me- and I greatly appreciate your help.

Thank You

Lee

*****************************

-----Original Message-----
From: Safer-Networking Forums <webmaster@spybot.info>
To: lfmgtc59@aol.com
Sent: Mon, May 9, 2011 12:12 pm
Subject: Reply to thread 'Help - Unable to launch IE or FF - unable to run DDS'



Dear Lfmgtc59,

ken545 has just replied to a thread you have subscribed to entitled - Help -
Unable to launch IE or FF - unable to run DDS - in the Malware Removal forum of
Safer-Networking Forums.

This thread is located at:
http://forums.spybot.info/showthread.php?t=62572&goto=newpost

Here is the message that has just been posted:
***************

ken545
2011-05-09, 23:49
Hi,

Sorry for the miscommunication also. When we ran CKScanner, what I meant was that Autodesk may have been illegal and when you did not reply I assumed it was, no big deal, we are on the same page now.

I did not post instructions to run aswMBR and fix the MBR, I just needed to see the log, go ahead and post it again just to scan and post the log.

Then run DDS again and post the log and let's go from there.

Lfmgtc59
2011-05-10, 00:42
I made sure all my memory resident security was off.

I then downloaded ComboFix and saved it to the desktop as "Combo_fix-3x.exe"

I then dblclicked the icon.

The "progress" bar came up and ran to the end - the bar stayed open.

Then the following error appeared:

Error

You appear to have a corrupt download
Please download a fresh copy of ComboFix.exe
You can close ComboFix by clicking in the right corner of the progree bar

I have tried this Three times now... still getting the same issue.

I also tried to run the DDS again with no apparent luck. It gets to 1 ":" mark and just sits there, no cursor etc.

Please advise

Thank You

Lee

ken545
2011-05-10, 01:07
Drag aswMBR to the trash and download an updated copy
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Then do this only

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button NOT FIXMBR
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrtdl4.gif



Save the log as before and post in your next reply

Lfmgtc59
2011-05-10, 01:59
Ken545

I don't want to appear overly dense here but when I try to download the aswMBR from:

http://public.avast.com/~gmerek/aswMBR.exe

I get the following error message with a Google screen:

Error 404 (not found)

404. That’s an error.
The requested URL /~gmerek/aswMBR.exe was not found on this server. That’s all we know.

I tried doing a google search for another site to download from, but there does not appear to be one.

Is the virus preventing me from reaching this site??

Thank You

Lee

ken545
2011-05-10, 02:10
http://public.avast.com/~gmerek/aswMBR.exe

You may have to download it from a clean computer, transfer it by disk to the infected one and then run it

Lfmgtc59
2011-05-10, 02:56
KEN545:

I ran the aswMBR Scan and I saved it to a file.

The "FIX" option was not available.

Lee



aswMBR log:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-05-09 20:46:22
-----------------------------
20:46:22.953 OS Version: Windows 5.1.2600 Service Pack 2
20:46:22.953 Number of processors: 2 586 0xE08
20:46:22.953 ComputerName: LFM-01 UserName:
20:46:23.984 Initialize success
20:48:33.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:48:33.875 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
20:48:35.890 Disk 0 MBR read successfully
20:48:35.890 Disk 0 MBR scan
20:48:37.906 Disk 0 scanning sectors +195366465
20:48:37.937 Disk 0 scanning C:\WINDOWS\system32\drivers
20:48:50.562 Service scanning
20:48:52.203 Disk 0 trace - called modules:
20:48:52.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:48:52.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aae0ab8]
20:48:52.234 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\00000086[0x8aaeb490]
20:48:52.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab2e940]
20:48:52.250 Scan finished successfully


Also:

For future reference aswMBR can be found as a zip at the following link - the zip is not blocked by the virus:

http://www.geekstogo.com/forum/topic/299341-unfound-rootkit-still-problems/page__st__15

ken545
2011-05-10, 10:04
Good Morning,

GeeksToGo link will work, just a matter of time until they find and block that one also.

Your aswMBR log looks ok, see if TDSSKiller will run now

If you downloaded it before, drag it to the trash and grab a fresh copy

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Lfmgtc59
2011-05-10, 11:37
Good Morning:

I had to download TDSSkiller from another computer as it was blocked. (devious little devils these viral hackers).

Once downloaded the first attempt to run gave me a Kaspersky logo and that was it. The second attempt ran fine.

No infections were found.

The log is below:

2011/05/10 05:32:22.0578 3772 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 05:32:24.0578 3772 ================================================================================
2011/05/10 05:32:24.0578 3772 SystemInfo:
2011/05/10 05:32:24.0578 3772
2011/05/10 05:32:24.0578 3772 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/10 05:32:24.0578 3772 Product type: Workstation
2011/05/10 05:32:24.0578 3772 ComputerName: LFM-01
2011/05/10 05:32:24.0578 3772 UserName: Lee F. Mallory
2011/05/10 05:32:24.0578 3772 Windows directory: C:\WINDOWS
2011/05/10 05:32:24.0578 3772 System windows directory: C:\WINDOWS
2011/05/10 05:32:24.0578 3772 Processor architecture: Intel x86
2011/05/10 05:32:24.0578 3772 Number of processors: 2
2011/05/10 05:32:24.0578 3772 Page size: 0x1000
2011/05/10 05:32:24.0578 3772 Boot type: Normal boot
2011/05/10 05:32:24.0578 3772 ================================================================================
2011/05/10 05:32:24.0812 3772 Initialize success
2011/05/10 05:32:29.0093 5468 ================================================================================
2011/05/10 05:32:29.0093 5468 Scan started
2011/05/10 05:32:29.0093 5468 Mode: Manual;
2011/05/10 05:32:29.0093 5468 ================================================================================
2011/05/10 05:33:10.0406 5468 sdbus (45c6411c6f9f911a9f1c8561b1fa1115) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/10 05:33:10.0640 5468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 05:33:10.0843 5468 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/10 05:33:11.0062 5468 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/10 05:33:11.0265 5468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/10 05:33:11.0578 5468 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/10 05:33:11.0671 5468 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 05:33:11.0781 5468 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
2011/05/10 05:33:12.0031 5468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/10 05:33:12.0281 5468 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 05:33:12.0390 5468 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 05:33:12.0875 5468 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 05:33:13.0046 5468 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/10 05:33:13.0187 5468 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 05:33:13.0390 5468 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 05:33:13.0531 5468 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 05:33:13.0687 5468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/10 05:33:13.0843 5468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/10 05:33:14.0015 5468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/10 05:33:14.0156 5468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/10 05:33:14.0281 5468 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/10 05:33:14.0500 5468 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 05:33:14.0750 5468 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 05:33:14.0859 5468 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 05:33:14.0921 5468 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 05:33:15.0000 5468 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 05:33:15.0171 5468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/10 05:33:15.0312 5468 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/05/10 05:33:15.0406 5468 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\drivers\Tosrfcom.sys
2011/05/10 05:33:15.0515 5468 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/05/10 05:33:15.0640 5468 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/05/10 05:33:15.0859 5468 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 05:33:16.0046 5468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/10 05:33:16.0281 5468 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 05:33:16.0406 5468 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/10 05:33:16.0468 5468 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 05:33:16.0562 5468 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
2011/05/10 05:33:16.0765 5468 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 05:33:17.0015 5468 usbhub (ace960e54148821e8e48f5d191562c28) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 05:33:17.0234 5468 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/10 05:33:17.0453 5468 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 05:33:17.0656 5468 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/05/10 05:33:17.0859 5468 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 05:33:18.0000 5468 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 05:33:18.0078 5468 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/10 05:33:18.0281 5468 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 05:33:18.0390 5468 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/10 05:33:18.0609 5468 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/10 05:33:18.0796 5468 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 05:33:18.0984 5468 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/10 05:33:19.0234 5468 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 05:33:19.0312 5468 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/10 05:33:19.0375 5468 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/10 05:33:19.0812 5468 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 05:33:19.0984 5468 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/10 05:33:20.0265 5468 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/10 05:33:20.0421 5468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/10 05:33:20.0500 5468 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 05:33:20.0734 5468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 05:33:20.0968 5468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 05:33:21.0312 5468 ================================================================================
2011/05/10 05:33:21.0312 5468 Scan finished
2011/05/10 05:33:21.0312 5468 ================================================================================

ken545
2011-05-10, 13:17
Good, let's do this

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please




OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Lfmgtc59
2011-05-10, 13:37
KEN545

I ran the Malwarebytes Update Version: 6545

I tried opening the log under the "log" tab, but the operation failed.

I was able to use explorer to find and open the file in notepad - results below:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6545

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/10/2011 7:30:13 AM
mbam-log-2011-05-10 (07-30-13).txt

Scan type: Quick scan
Objects scanned: 219030
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-05-10, 13:53
Great, let's see the OTL log

Lfmgtc59
2011-05-10, 14:11
OTL logfile created on: 5/10/2011 7:42:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lee F. Mallory\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.09 Gb Total Space | 15.40 Gb Free Space | 16.54% Space Free | Partition Type: FAT32
Drive E: | 999.72 Mb Total Space | 555.81 Mb Free Space | 55.60% Space Free | Partition Type: FAT

Computer Name: LFM-01 | User Name: Lee F. Mallory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\services.exe File not found
PRC - C:\Documents and Settings\Lee F. Mallory\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Autodesk\3DS Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
PRC - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\AOL\Loader\aolload.exe (AOL LLC)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Wave Systems Corp\common\DataServer.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe ()
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\lxcecoms.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
PRC - C:\Program Files\Venturi2\Client\VentC.exe (Venturi Wireless)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Lee F. Mallory\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wxvault.dll ()
MOD - C:\WINDOWS\system32\detoured.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PlugPlay) -- C:\WINDOWS\System32\services.exe File not found
SRV - (Eventlog) -- C:\WINDOWS\System32\services.exe File not found
SRV - (Bonjour Service) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll ()
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mi-raysat_3dsmax2011_32) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
SRV - (mitsijm2011) -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Autodesk Network Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe ()
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Bluetooth Hid Switch Service) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (lxce_device) -- C:\WINDOWS\System32\lxcecoms.exe (Lexmark International, Inc.)
SRV - (Venturi2) -- C:\Program Files\Venturi2\Client\VentC.exe (Venturi Wireless)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (LVUVC) Logitech HD Pro Webcam C910(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (ATWPKT2) -- C:\WINDOWS\system32\drivers\atwpkt2.sys (America Online)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (Tosrfcom) -- C:\WINDOWS\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18707"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18707"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18707&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/06 17:44:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/28 16:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/28 16:46:08 | 000,000,000 | ---D | M]

[2010/08/27 20:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lee F. Mallory\Application Data\Mozilla\Extensions
[2011/01/28 16:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lee F. Mallory\Application Data\Mozilla\Firefox\Profiles\mbtr1unv.default\extensions
[2011/01/28 16:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/18 07:45:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/05/06 17:44:56 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2011/04/27 06:45:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110422201941.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (TBSB05541 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Veehd Plugin\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..\Toolbar\WebBrowser: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbcore3.dll ()
O3 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\acs\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\2.3.0.8\FileHelper.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1290459129\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe (Venturi Wireless)
O4 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3923555660-1190350133-623060438-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1303522201968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: bestreak - - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2011/05/10 07:39:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lee F. Mallory\Desktop\OTL.exe
[2011/05/10 05:31:38 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lee F. Mallory\Desktop\TDSSKiller.exe
[2011/05/09 19:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/09 19:38:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lee F. Mallory\Cookies
[2011/05/07 21:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/05/07 21:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\IObit
[2011/05/07 21:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/07 21:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/05/06 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/06 17:44:49 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/06 17:44:38 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/06 17:44:38 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/06 17:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/05/06 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/05/06 17:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/05/06 17:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Real
[2011/05/03 13:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Autodesk
[2011/04/30 20:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Toolbar4
[2011/04/30 20:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Veehd Plugin
[2011/04/30 20:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\VEEHD
[2011/04/29 16:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Desktop\virus
[2011/04/29 15:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eJ06511HdKiI06511
[2011/04/27 15:46:08 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011/04/27 12:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Microsoft Help
[2011/04/27 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Visual Studio 2008
[2011/04/27 06:28:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/27 06:26:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/27 06:26:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/27 06:26:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/27 06:26:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/27 06:26:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/27 06:24:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/26 22:16:16 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lee F. Mallory\Desktop\aswMBR.exe
[2011/04/26 14:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers
[2011/04/26 14:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Babylon
[2011/04/26 14:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/04/26 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Babylon
[2011/04/23 00:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/14 21:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\The Weather Channel
[2011/04/14 21:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
[2011/04/14 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2011/04/14 07:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/04/13 19:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Apple Computer
[2011/03/24 13:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Intuit
[2011/03/11 08:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Utaq
[2011/03/04 21:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Apple
[2011/02/22 09:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\WinZip
[2011/02/21 20:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Mozilla
[2011/02/18 16:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/02/18 11:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Video Mask Projects
[2011/02/18 09:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Yahoo
[2011/02/18 09:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\SightSpeed Recordings
[2011/02/18 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\LogiShrd
[2011/02/18 09:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2011/02/18 09:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/02/18 09:36:30 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/02/18 09:36:21 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/02/18 09:36:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/02/18 09:36:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/02/18 09:36:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/02/18 09:36:18 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/02/18 09:36:16 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/02/18 09:36:14 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/02/18 09:36:12 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/02/18 09:36:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/02/18 09:36:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2011/02/18 09:36:05 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/02/18 09:36:05 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/02/18 09:36:05 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/02/18 09:36:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/02/18 09:36:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/02/18 09:36:05 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/02/18 09:36:05 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/02/18 09:36:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/02/18 09:36:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/02/18 09:36:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/02/18 09:36:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/02/18 09:35:56 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/02/18 07:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\skypePM
[2011/02/18 07:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/18 07:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/02/18 07:45:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/18 07:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Skype
[2011/02/18 07:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/02/14 08:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cLhJhJl06509
[2011/02/10 20:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Adobe
[2011/02/10 13:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\BVRP Software
[2011/02/10 13:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\AOL
[2011/02/10 13:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings
[2011/02/10 13:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Local Settings\Application Data\Microsoft
[2011/02/09 05:27:22 | 000,000,000 | ---D | C] -- C:\_Support
[2011/01/28 16:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/28 16:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/28 15:36:33 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/28 15:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/28 15:28:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/22 21:11:53 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/01/22 21:11:45 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/01/22 21:11:45 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/01/22 21:11:45 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/01/22 21:11:45 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/01/22 21:11:45 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/01/22 21:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/01/22 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/01/22 21:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/01/22 20:59:41 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/01/08 21:40:06 | 000,000,000 | ---D | C] -- C:\Austin
[2011/01/06 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/01/06 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/12/31 20:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/11/22 17:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/22 16:21:13 | 000,000,000 | ---D | C] -- C:\Archive-AOL
[2010/11/22 15:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/11/22 15:52:41 | 000,033,588 | R--- | C] (America Online, Inc.) -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2010/11/22 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/11/22 15:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/11/17 19:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Desktop\X86
[2010/11/17 19:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Desktop\X64
[2010/10/30 07:14:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Redist
[2010/10/18 00:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/10/14 21:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Autodesk Navisworks Exporters 2011
[2010/10/14 21:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Exporters 2011
[2010/10/13 22:28:54 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/13 19:42:09 | 000,000,000 | ---D | C] -- C:\MITSI 2011 Temporary Files
[2010/10/13 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010/10/13 19:08:26 | 000,000,000 | ---D | C] -- C:\Program FilesAutodesk
[2010/10/12 16:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2011
[2010/10/12 16:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Autodesk Navisworks Manage 2011
[2010/10/12 16:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Manage 2011
[2010/10/12 16:07:34 | 000,000,000 | ---D | C] -- C:\Navisworks
[2010/10/12 14:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\3dsMax
[2010/10/12 12:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\inventor
[2010/10/12 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/10/12 12:33:15 | 000,000,000 | ---D | C] -- C:\Civil 3D Project Templates
[2010/10/12 12:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/12 12:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2010/10/12 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/10/12 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Basic 2005 Power Packs
[2010/10/12 12:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Microsoft Visual Basic 2005 Power Packs
[2010/10/12 10:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Autodesk Revit MEP 2011
[2010/10/12 09:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/10/12 08:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Autodesk Revit Structure 2011
[2010/10/12 07:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\Autodesk Revit Architecture 2011
[2010/10/12 07:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/10/12 07:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/12 07:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/10/12 07:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/12 07:39:20 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/10/12 07:39:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/10/12 07:39:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/10/12 07:39:19 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/10/12 07:39:19 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/10/12 07:39:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/10/12 07:39:17 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/10/12 07:39:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/10/12 07:39:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/10/12 07:39:16 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/10/12 07:39:16 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/10/12 07:39:16 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/10/12 07:39:15 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/10/12 07:39:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/10/12 07:39:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/10/12 07:39:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/10/12 07:39:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/10/12 07:39:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/10/12 07:39:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/10/12 07:39:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/10/12 07:39:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/10/12 07:39:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/10/12 07:39:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/10/12 07:39:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/10/12 07:39:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/10/12 07:39:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/10/12 07:39:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/10/12 07:39:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/10/12 07:39:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/10/12 07:39:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/10/12 07:39:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/10/12 07:39:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/10/12 07:39:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/10/12 07:39:06 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/10/12 07:39:05 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/10/12 07:39:05 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/10/12 07:39:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/10/12 07:39:04 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/10/12 07:39:03 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/10/12 07:39:03 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/10/12 07:39:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/10/12 07:39:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/10/12 07:39:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/10/12 07:39:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/10/12 07:39:01 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/10/12 07:39:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/10/12 07:39:00 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/10/12 07:39:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/10/12 07:38:59 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/10/12 07:38:58 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/10/12 07:38:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/10/12 07:38:57 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/10/12 07:38:56 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/10/12 07:38:56 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/10/12 07:38:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/10/12 07:38:55 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/10/12 07:38:55 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/10/12 07:38:54 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/10/12 07:38:54 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/10/12 07:38:53 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/10/12 07:38:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/10/12 07:38:53 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/10/12 07:38:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/10/12 07:38:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/10/12 07:38:40 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/10/12 07:38:40 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/10/12 07:38:39 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/10/12 07:38:39 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/10/12 07:38:38 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/10/12 07:38:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/10/12 07:38:37 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/10/12 07:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/10/12 07:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2010/10/12 06:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/10/10 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/10/09 20:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2010/09/28 05:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\My Documents\My Webs
[2010/08/27 20:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Weather Channel
[2010/08/27 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Mozilla
[2010/08/14 05:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\UserData(2)
[2010/08/14 05:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\IECompatCache(2)
[2010/08/13 22:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\PrivacIE(2)
[2010/08/13 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\IETldCache(2)
[2010/08/13 18:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Application Data(2)
[2010/08/13 17:55:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/13 17:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee F. Mallory\Copy of Desktop
[2010/08/11 15:55:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/09 05:47:57 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010/08/09 05:47:57 | 000,352,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ijl15.dll
[2010/08/09 05:47:57 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2010/08/09 05:47:57 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\unzip3252.dll
[2010/08/09 05:47:57 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010/08/09 05:47:56 | 000,081,920 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\MBMouse.ocx
[2010/08/09 05:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hyperdyne Software
[2010/07/26 07:27:10 | 000,000,000 | ---D | C] -- C:\_GB-tips
[2010/06/27 12:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\LizardTech
[2010/06/27 12:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LizardTech
[2010/05/24 05:29:48 | 000,000,000 | ---D | C] -- C:\Manuals
[1998/12/08 14:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 14:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 14:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 14:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 14:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 14:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Lfmgtc59
2011-05-10, 14:12
========== Files - Modified Within 360 Days ==========

[2011/05/10 07:50:02 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2A7078BE-01C3-4591-B22D-FE734C6AB8DA}.job
[2011/05/10 07:39:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lee F. Mallory\Desktop\OTL.exe
[2011/05/10 07:02:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 05:05:44 | 000,131,454 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/10 05:05:44 | 000,131,454 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/09 20:49:48 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/05/09 20:01:54 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
[2011/05/09 20:01:52 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
[2011/05/09 19:39:34 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File Helper.lnk
[2011/05/09 19:38:48 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/05/09 19:38:18 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 19:38:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 19:38:10 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 19:36:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/08 23:59:32 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 21:53:26 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2011/05/07 07:53:18 | 000,072,849 | ---- | M] () -- C:\VETlog.dmp
[2011/05/07 01:15:10 | 000,000,361 | RHS- | M] () -- C:\boot.ini
[2011/05/06 22:45:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Desktop\Spybot - Search & Destroy.lnk
[2011/05/06 21:46:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/06 17:45:10 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/06 17:44:50 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/06 17:44:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/06 17:44:40 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/06 17:44:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lee F. Mallory\Desktop\TDSSKiller.exe
[2011/05/01 02:27:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011/04/29 16:30:42 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/26 22:16:16 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lee F. Mallory\Desktop\aswMBR.exe
[2011/04/23 00:37:54 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/04/23 00:37:54 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/18 05:38:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/04/16 08:01:32 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/04/14 21:19:22 | 001,573,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/09 07:16:56 | 000,005,894 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/04/06 10:50:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/14 09:25:50 | 000,001,379 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Desktop\Windows Explorer.lnk
[2011/03/10 20:14:00 | 000,002,740 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\evpro32.prf
[2011/02/18 07:47:06 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/12 14:39:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2011/02/12 14:39:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VIEWLINK.INI
[2011/02/09 11:25:42 | 000,011,825 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\My Documents\Timeline -C3D flowchart.pdf
[2011/01/28 16:46:10 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/28 16:46:10 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/28 15:36:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/28 15:36:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/28 15:36:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/06 17:29:18 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/06 05:20:54 | 000,000,832 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/12/06 05:17:28 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/22 15:54:12 | 000,000,619 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/11/22 15:54:12 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/22 15:54:12 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/30 07:14:26 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Impression 3.lnk
[2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/13 22:28:54 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/13 19:57:20 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inventor Professional 2011.lnk
[2010/10/12 22:11:08 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\My Documents\MyProject.sonic-1.SONIC
[2010/10/12 16:14:38 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Navisworks Manage 2011.lnk
[2010/10/12 16:10:16 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Navisworks Freedom 2011.lnk
[2010/10/12 14:31:10 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3DS Max 2011.lnk
[2010/10/12 12:58:08 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2011.lnk
[2010/10/12 12:55:58 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2011.lnk
[2010/10/12 12:54:14 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Civil 3D 2011.lnk
[2010/10/12 12:29:18 | 000,444,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/12 12:29:18 | 000,072,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/12 10:22:52 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revit MEP 2011.lnk
[2010/10/12 08:52:38 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revit Structure 2011.lnk
[2010/10/12 07:44:56 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revit Architecture 2011.lnk
[2010/10/12 07:37:38 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review.lnk
[2010/10/12 05:39:10 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/10/09 20:46:42 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/04 20:40:40 | 000,001,400 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Desktop\DivX Movies.lnk
[2010/09/04 20:39:42 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/08/24 07:48:26 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/08/09 05:48:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/09 05:48:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/09 05:47:56 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snitch.lnk
[2010/08/09 05:41:52 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 05:28:50 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/07 22:28:02 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/08/07 22:28:02 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2010/06/22 07:29:20 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\1-8871587893796179001-12458949efc.asx
[2010/06/09 19:01:10 | 002,120,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxSFS.DLL
[2010/06/09 19:01:10 | 000,698,864 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Px.dll
[2010/06/09 19:01:10 | 000,567,792 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/06/09 19:01:10 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxWave.dll
[2010/06/09 19:01:10 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxMas.dll
[2010/06/09 19:01:10 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/06/09 19:01:10 | 000,126,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/06/09 19:01:10 | 000,123,888 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/06/09 19:01:10 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/06/09 19:01:10 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/06/09 19:01:10 | 000,068,592 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/06/09 19:01:10 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/06/09 19:01:10 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/06/09 19:01:10 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/06/04 11:56:16 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mel_Martinez.vcf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 20:49:46 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/05/07 21:53:25 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2011/05/06 17:55:26 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
[2011/05/06 17:55:26 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
[2011/05/06 17:45:08 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/05/03 21:50:59 | 004,675,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/29 16:46:23 | 000,333,288 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Desktop\sqlite3.dll
[2011/04/27 06:28:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/27 06:28:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/27 06:26:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/27 06:26:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/27 06:26:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/27 06:26:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/27 06:26:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 16:01:07 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/04/14 21:50:31 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/04/14 07:30:46 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/02/18 07:47:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/14 09:37:53 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/09 11:25:38 | 000,011,825 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\My Documents\Timeline -C3D flowchart.pdf
[2011/01/28 16:46:09 | 000,001,524 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/28 16:46:09 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/06 17:29:17 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/11/22 15:54:11 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.5.lnk
[2010/11/22 15:54:10 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2010/10/30 07:14:24 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Impression 3.lnk
[2010/10/26 14:46:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/15 23:59:59 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/15 23:59:58 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/10/13 19:46:12 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inventor Professional 2011.lnk
[2010/10/12 22:10:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\My Documents\MyProject.sonic-1.SONIC
[2010/10/12 16:14:36 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Navisworks Manage 2011.lnk
[2010/10/12 16:10:14 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Navisworks Freedom 2011.lnk
[2010/10/12 14:31:08 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3DS Max 2011.lnk
[2010/10/12 12:58:06 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2011.lnk
[2010/10/12 12:55:56 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2011.lnk
[2010/10/12 12:40:31 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Civil 3D 2011.lnk
[2010/10/12 10:22:51 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revit MEP 2011.lnk
[2010/10/12 08:52:37 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revit Structure 2011.lnk
[2010/10/12 07:44:54 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revit Architecture 2011.lnk
[2010/10/12 07:37:36 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review.lnk
[2010/10/09 20:46:41 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/09 20:45:37 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 20:45:37 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/04 20:39:41 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/08/09 05:47:57 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010/08/09 05:47:57 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/09 05:47:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[2010/08/09 05:47:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IMAGEPLUSCONTROL_II.OCX
[2010/08/09 05:47:55 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Snitch.lnk
[2010/08/09 05:47:55 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snitch.lnk
[2010/06/22 07:29:17 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\1-8871587893796179001-12458949efc.asx
[2010/06/04 11:56:31 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mel_Martinez.vcf
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 16:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/13 16:51:47 | 000,000,140 | -H-- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\lakerda1967.sys
[2010/04/13 16:51:00 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\docXConverter (3).ini
[2010/03/13 11:28:26 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/11/06 18:03:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/22 08:19:33 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll
[2008/06/22 11:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\ASR32311.DLL
[2008/06/22 11:51:16 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/06/22 11:50:50 | 000,000,082 | ---- | C] () -- C:\WINDOWS\PSPRTGEN.INI
[2008/06/22 11:50:50 | 000,000,034 | ---- | C] () -- C:\WINDOWS\PSPRT.INI
[2008/04/12 21:26:58 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2007/09/16 19:38:34 | 000,002,740 | ---- | C] () -- C:\Documents and Settings\Lee F. Mallory\Application Data\evpro32.prf
[2007/09/08 23:19:54 | 000,000,159 | ---- | C] () -- C:\WINDOWS\PPVIEWER.INI
[2007/02/25 15:29:37 | 000,000,049 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/02/25 15:29:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VIEWLINK.INI
[2006/07/13 07:42:17 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006/06/21 23:57:57 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/31 00:43:16 | 000,000,619 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/05/31 00:39:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/01 20:22:42 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2006/05/01 14:36:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2006/05/01 14:20:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/01 14:20:15 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/05/01 14:19:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/04/22 20:16:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/22 20:15:16 | 000,005,894 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/22 20:12:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/04/22 20:12:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/04/22 20:09:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/22 19:55:37 | 000,131,454 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2006/04/22 19:52:12 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/04/22 19:52:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/22 19:52:10 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/22 19:52:10 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/22 19:52:10 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/04/22 19:52:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/22 19:52:08 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/04/22 19:52:08 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/04/22 19:52:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/22 19:51:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/22 19:51:34 | 000,000,298 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/25 17:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 15:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 15:18:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\biolsp-installer.exe
[2006/03/24 15:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 15:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 15:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 15:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 15:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 15:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 15:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 15:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 15:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 15:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/09 12:25:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/03/09 12:24:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/12/01 14:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/30 13:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/22 01:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 01:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,573,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,444,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,072,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/22 06:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/04/22 20:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2006/05/20 09:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006/05/31 00:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/18 19:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/05 10:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/06 08:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/10 22:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/10/12 16:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Manage 2011
[2010/10/12 16:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2011
[2010/10/14 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Exporters 2011
[2011/02/14 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cLhJhJl06509
[2011/04/26 14:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/04/29 15:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eJ06511HdKiI06511
[2011/05/07 21:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/05/20 09:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Autodesk
[2007/02/08 23:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Viewpoint
[2007/03/11 07:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Leadertech
[2008/04/04 20:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Smith Micro
[2008/04/28 10:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\ICAClient
[2008/06/22 11:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\eLanguage
[2009/11/18 05:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Blitware
[2010/10/12 16:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Autodesk Navisworks Manage 2011
[2010/10/14 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Autodesk Navisworks Exporters 2011
[2011/03/11 08:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Utaq
[2011/04/26 14:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Babylon
[2011/04/30 20:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\Toolbar4
[2011/05/07 21:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee F. Mallory\Application Data\IObit
[2010/08/11 16:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Blitware
[2011/05/10 07:50:02 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A7078BE-01C3-4591-B22D-FE734C6AB8DA}.job
[2011/05/01 02:27:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job

========== Purity Check ==========



< End of report >

Lfmgtc59
2011-05-10, 14:14
OTL Extras logfile created on: 5/10/2011 7:42:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lee F. Mallory\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.09 Gb Total Space | 15.40 Gb Free Space | 16.54% Space Free | Partition Type: FAT32
Drive E: | 999.72 Mb Total Space | 555.81 Mb Free Space | 55.60% Space Free | Partition Type: FAT

Computer Name: LFM-01 | User Name: Lee F. Mallory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\NMSRVC.EXE" = C:\Program Files\Common Files\Pure Networks Shared\Platform\NMSRVC.EXE:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0D4B37-1D9A-4FB0-A232-61932F92CD21}" = Autodesk Navisworks Manage 2011 (32 bit) 2011 DWG File Reader
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D9AD604-560C-0000-AAA8-C0043D41F03A}" = Autodesk Navisworks Manage 2011 (32 bit) 2010 DWG File Reader
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EE1FCA9-7474-4143-8F22-E7AD998FACBF}" = Autodesk Revit Structure 2011
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{164EB480-180D-4779-9B07-0B0AF7753C9F}" = Panavue ImageAssembler Enterprise 3.0 (Trial)
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B868720-ED88-4531-8892-3A35A76E48FE}" = TurboTax 2010 wfliper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30499511-7C2F-40F7-8BF7-262A87070B40}" = Autodesk Navisworks Manage 2011 (32 bit) 2008 DWG File Reader
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{35738946-FE22-0000-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011
"{35738946-FE22-0409-8916-2CE9119C21D5}" = Autodesk Navisworks Freedom 2011 English Language Pack
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3712BB20-EAA2-012B-AD56-000000000000}" = TurboTax 2009 wfliper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CEBAF73-715A-4AC0-BB14-C9AC6B7D453F}" = Autodesk Navisworks Manage 2011 (32 bit) 2009 DWG File Reader
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41EEF558-3585-4020-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client)
"{41EEF558-3585-4028-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client) English Language Pack
"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-9000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2011
"{5783F2D7-9000-0409-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2011 Language Pack - English
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F89FF7-C913-4A99-B4D9-C05BAA20790B}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.3.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4DD591-1532-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1532-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 English Language Pack
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C3B5851-5A51-4FF6-A3C8-3422EE2D0109}" = Autodesk Navisworks 2011 2004-6 DWG File Reader Runtimes
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9709ACB8-430D-4136-A610-F218E4A33CC5}" = Autodesk Navisworks Manage 2011 (32 bit) 2004 DWG File Reader
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}" = Autodesk 3ds Max 2011 32-bit Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B46E7E8-3E7D-480d-B717-D5A047F66425}" = Autodesk Impression 3
"{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}" = Venturi Client 2.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD7D1D0E-B328-4955-87A1-BD5AF49E53CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2005 DWG File Reader
"{AE765884-4770-4A92-82D9-AB3192512B31}" = Preboot Manager
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C037F379-977E-0000-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011
"{C037F379-977E-0409-8901-BE4EA1969492}" = Autodesk Navisworks Manage 2011 English Language Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCCB80C8-5CC5-4EB7-89D0-F18E405F18F9}" = Autodesk Revit MEP 2011
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF3BB92C-1E4D-4CDF-BB97-9786C16649FF}" = Snitch
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBE4C11-8D5E-44A2-A342-AF12145E9118}" = Autodesk Navisworks Manage 2011 (32 bit) 2006 DWG File Reader
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40F6EE7-A781-4B01-A12A-B777E5BE69CD}" = Autodesk Navisworks Manage 2011 (32 bit) 2007 DWG File Reader
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E70A81D3-0953-4F9C-AE71-71D6E7DEB482}" = Power BibleCD 5.5
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EAFA85AA-CCF3-0000-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"{EAFA85AA-CCF3-0409-8D4F-4557F945C865}" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins English Language Pack
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AutoCAD Civil 3D 2011" = AutoCAD Civil 3D 2011
"AutoCAD Civil 3D 2011 Version 2.1" = AutoCAD Civil 3D 2011 Version 2.1
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 English
"Autodesk Inventor Professional 2011 SP1" = Autodesk Inventor Professional 2011 SP1
"Autodesk Navisworks 2011 32 bit Exporter Plug-ins" = Autodesk Navisworks 2011 32 bit Exporter Plug-ins
"Autodesk Navisworks Freedom 2011" = Autodesk Navisworks Freedom 2011
"Autodesk Navisworks Manage 2011" = Autodesk Navisworks Manage 2011
"Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011
"Autodesk Revit Architecture 2011 SP2" = Autodesk Revit Architecture 2011 x86 Update 2
"Autodesk Revit MEP 2011" = Autodesk Revit MEP 2011
"Autodesk Revit MEP 2011 SP2" = Autodesk Revit MEP 2011 x86 Update 2
"Autodesk Revit Structure 2011" = Autodesk Revit Structure 2011
"Autodesk Revit Structure 2011 SP2" = Autodesk Revit Structure 2011 x86 Update 2
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DWG TrueView 2011" = DWG TrueView 2011
"Europe Language Companion" = Europe Language Companion
"ExamView Pro" = ExamView Pro
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"ie8" = Windows Internet Explorer 8
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InteGrade Pro" = InteGrade Pro
"IObit Security 360_is1" = IObit Security 360
"Lexmark 4300 Series" = Lexmark 4300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2008
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Rosetta Stone 2.1.4.1A" = Rosetta Stone 2.1.4.1A
"ScrewDrivers Client v3" = ScrewDrivers Client v3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Veehd Plugin" = Veehd Plugin
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Visioneer PaperPort Viewer 5.0" = Visioneer PaperPort Viewer 5.0
"Volo View Express" = Volo View Express
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3923555660-1190350133-623060438-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2011 2:51:28 PM | Computer Name = LFM-01 | Source = Application Hang | ID = 1002
Description = Hanging application LWS.exe, version 13.0.1774.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2011 10:53:00 PM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0016225f.

Error - 5/7/2011 11:33:26 PM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/8/2011 8:05:32 AM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/8/2011 8:18:09 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015225f.

Error - 5/8/2011 8:18:38 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x005a225f.

Error - 5/8/2011 8:18:58 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015225f.

Error - 5/8/2011 9:02:42 AM | Computer Name = LFM-01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/9/2011 12:04:49 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015226b.

Error - 5/9/2011 12:07:46 AM | Computer Name = LFM-01 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0067226b.

[ System Events ]
Error - 5/9/2011 7:15:25 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:19:39 PM | Computer Name = LFM-01 | Source = Service Control Manager | ID = 7000
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed
to start due to the following error: %%2

Error - 5/9/2011 7:20:43 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:21:40 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:27:06 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:34:27 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/9/2011 7:35:53 PM | Computer Name = LFM-01 | Source = Service Control Manager | ID = 7034
Description = The Venturi2 Client service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/9/2011 7:35:54 PM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/10/2011 5:22:51 AM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/10/2011 5:31:07 AM | Computer Name = LFM-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

ken545
2011-05-10, 15:08
Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.

How are things running now, any redirects or unwanted pop up windows ?

Lfmgtc59
2011-05-10, 15:17
KEN545

I removed Viewpoint... took a couple of tries.

Things appear to be running correctly.

I am going to re-boot as that is when I seem to have the most issues.

I will give an update when the system comes back up.

If there is an issue it may take me some time to get back online... hopefully all will go smoothly though.

Thank You

Lee

tashi
2011-05-10, 17:10
Received via contact form email. :)


KEN545

OK... I rebooted.

1. I'm back to no IE or FF. The error I am getting trying to launch (when I get one) is:

Error signature:
AppName: iexplore.exe AppVer: 8.0.6001.18702 ModName: unknown
ModVer: 0.0.0.0 Offset: 0058226b

(I also have the long log saved)

2. None of my security software would load and AOL would not launch.

3. I rebooted and ran FixMBR

4. I could then access email through AOL, but no internet.

5. I could also load Malwarebytes, SpybotSD, McAfee, TDSSkiller, and IObit Security 360

I'm going I guess to run a scan and see what happens...the last time after a full scan I was able to load IE again - on the downside it took 5 hours..

I am not sure how long this AOL "work around" is going to be up, but I will monitor it as long as possible...

Any ideas would be appreciated.

Thank You

Lee

Lfmgtc59
2011-05-10, 18:23
KEN545

I found another PC to post from.

The re-boot brought me back to square one.

I have had no luck accessing the internet this time around...

let me know how to proceed.

I appreciate the assistance... got to be pretty frustrating on your end as well.

Let me know what needs to happen next

Thanks

Lee

Lfmgtc59
2011-05-10, 18:31
I think the virus is screwing with me (lol)...

I got locked out of all the security software again,

Rebooted, ran fixmbr... now at least the security software comes up, although what good it does I am not sure.

IE & FF are both blocked from loading, not even getting error screens now.

I have the copies of Combofix, DDS, aswMBR on a thumb drive.

Thanks

Lee

ken545
2011-05-10, 18:34
Let's try this with Internet Explorer

Open IE ( even if no internet ) and go to Tools> Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset ....may take a few seconds, then OK your way out, close IE and then reopen it again and see if it helped.


I am going to post a fix with OTL that includes Babylon, it's not recommended.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18707"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=18707"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18707&q="


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Lfmgtc59
2011-05-10, 19:19
IE will not load at all.

I ran OTE.exe with the code provided.

It goes into an almost immediate system shutdown with what looks like a system32\cmd.exe dos shell window.

Right after that opens, a system shutdown window appears in the foreground.

I cannot find a log file... any idea of a name to search on or location?

Thank You

Lee

Lfmgtc59
2011-05-10, 19:28
Ok I tried it again...

Now the system appears to be hung or locked

The "dos shell" window for system32\cmd is on the screen

The OTR window is on the screen but listed as not responding

The system shutdown alert window is over the OTR window and partially missing.

Both the "dos" and "OTR" windows can be moved around with the mouse.

No icons are on screen and there is no apparent HD activity.

Next step ctrl alt del for task manager??

Lee

Lfmgtc59
2011-05-10, 19:47
KEN545

OK... I ended up ctrl alt del to call up task manager and figure out what was going on...

It never came up and the windows on the screen disappeared leaving nothing, so I rebooted.

The system came back up, no logs that I could find were generated.

But... Internet Explorer is back up and running (I'm using it now).

So we are making progress...

Thanks Again

Lee

ken545
2011-05-10, 19:50
See if you can run this and if you can then try the OTL fix again

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Lfmgtc59
2011-05-10, 20:12
I was able to download exehelper.com to the desktop

When I did however McAfee removed it from the system, so I turned off McAfee and re-downloaded.

I ran exehelper from the desktop and a window basically flashed on the screen. No log file that I could find was created.

I moved exehelper to a folder on the desktop and I re-ran exehelper.

This time the following log was created:

exeHelper by Raktor
Build 20100414
Run at 14:09:25 on 05/10/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...

I will now attempt to re-run OTL


Lee

Lfmgtc59
2011-05-10, 20:41
OK... OTL ran and re-booted the system when it was done

However, now I am once again locked out of IE altogether.

The only file that looks like it was created was a "cmd.txt" , but it was 0 kb


Lee

ken545
2011-05-10, 23:38
Let's do this


Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.




1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.







Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Lfmgtc59
2011-05-11, 00:16
KEN545

I have downloaded the programs and will start running them now...

I'll let you know as soon as I have some results


Lee

Lfmgtc59
2011-05-11, 00:33
I ran each of the downloaded "rkill" etc. programs until I got at least two to work.

My IE and internet connection are back up.

I downloaded ComboFix as instructed.

When I ran it the combofix progress bar came up and the bars colored all the way to the end.

Then an error box came up:

Error

You appear to have a currupt download
Please download a feresh copy of ComboFix.exe

You can close ComboFix by clicking the right corner of the progress bar

OK

At this point it is all just sitting there...

What should I do?

Lee

Lfmgtc59
2011-05-11, 00:41
I cleared the error by "X"ing out

When I go into Task Manager / Processes "ComboFix-10X.exe" is on the list with "0" CPU usage and 2,244K of memory

Does this indicate it is actually running in the background or hung up?


Lee

Lfmgtc59
2011-05-11, 01:19
KEN545

I don't know if it is important, but I wanted to let you know that the memory usage of the ComboFix.exe has been floating around with a high of around 8000k to a low of 250k. It looks like it is spending most of its time around 1200K to 2000K

Lee

ken545
2011-05-11, 01:24
Bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running ... If they are, then Kill process on the first one and then try CF again, try Kill process on each one until CF runs

findstr
sed
grep.
nircmd.exe
nircmd.cfexe
swsc.cfexe
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe

If ComboFix is still 'hung', then kill process on CFxxx.cfexe

Lfmgtc59
2011-05-11, 01:35
I cannot see any ".cfexe" but have the following "cfxxe"

cmd.cfxxe

gsar.cfxxe

nircmd.cfxxe


There is no CFxxx.cfexe

ken545
2011-05-11, 01:38
Go ahead and end task on it and see if CF will run, if not try CF in safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Lfmgtc59
2011-05-11, 01:44
booting into safemode... I'll let you know when I get through how it worked


Lee

Lfmgtc59
2011-05-11, 02:07
Combofix is running under safemode.

It is running on a blue screen with the title "Autoscan"

It has made it to stage 2 and there is a blinking cursor on the next line...

Checking Task manager the process is running at about 4000k usage when I checked....


I'll let you know as soon as it completes..

You have stuck with me all day on this and I really appreciate it. having been out of work for over 12 months, I'm up for 2 or 3 very important interviews this week and having the computer running correctly is critical...

Thanks again

Lee

ken545
2011-05-11, 02:41
Lee, been a loooooong day, been at this since 4 am, take your time and I will be back in the am around 4

Lfmgtc59
2011-05-11, 02:48
Ok i will see you then... should I just let this go as long as it takes??

Again.. I really appreciate all the help.

Lee

Lfmgtc59
2011-05-11, 03:19
YEAH!!!

Ok the combofix ran through in safe mode.

I rebooted into regular mode and IE came up fine right off.

Below is the combofix log:

ComboFix 11-05-09.04 - Lee F. Mallory 05/10/2011 19:55:11.2.2 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1587 [GMT -4:00]
Running from: c:\documents and settings\Lee F. Mallory\Desktop\ComboFix-11x.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
c:\program files\Internet Explorer\Copy of iexplore.bat
c:\program files\Internet Explorer\iexplorex.bat
c:\program files\Veehd Plugin\tbHElper.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-10 17:05 . 2011-05-10 17:05 -------- d-----w- C:\_OTL
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\IObit
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-08 01:53 . 2011-05-08 01:53 -------- d-----w- c:\program files\IObit
2011-05-06 21:45 . 2011-05-06 21:45 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-05-06 21:44 . 2011-05-06 21:45 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-06 21:44 . 2011-05-06 21:44 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-05-06 21:44 . 2011-05-06 21:44 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-05-06 21:44 . 2011-05-06 21:44 -------- d-----w- c:\program files\real
2011-05-03 17:34 . 2011-05-03 17:34 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Autodesk
2011-05-01 00:29 . 2011-05-01 00:29 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\Toolbar4
2011-05-01 00:28 . 2011-05-01 00:28 -------- d-----w- c:\program files\Veehd Plugin
2011-05-01 00:27 . 2011-05-01 00:27 -------- d-----w- c:\program files\VEEHD
2011-04-29 19:51 . 2011-04-29 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\eJ06511HdKiI06511
2011-04-27 16:52 . 2011-04-27 16:52 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Microsoft Help
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\program files\Yontoo Layers
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Babylon
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-04-26 18:43 . 2011-04-26 18:43 -------- d-----w- c:\documents and settings\Lee F. Mallory\Application Data\Babylon
2011-04-22 20:44 . 2011-04-22 20:44 625664 ----a-w- c:\temp\rar\dds[1].scr
2011-04-15 01:42 . 2011-04-15 01:42 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\The Weather Channel
2011-04-15 01:36 . 2011-04-15 01:36 -------- d-----w- c:\program files\The Weather Channel FW
2011-04-13 23:53 . 2011-04-13 23:53 -------- d-----w- c:\documents and settings\Lee F. Mallory\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 13:42 . 2011-02-18 13:42 53248 ----a-r- c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
1998-12-08 18:53 . 1998-12-08 18:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 18:53 . 1998-12-08 18:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 18:53 . 1998-12-08 18:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 18:53 . 1998-12-08 18:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2010-10-14 02:28 . 2011-01-29 13:23 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-27_10.46.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-01 16:42 . 2011-04-26 16:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-05-01 16:42 . 2011-05-10 23:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-27 13:59 . 2011-05-10 23:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-05-01 16:42 . 2011-04-26 16:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-05-06 21:45 . 2011-05-06 21:45 18944 c:\windows\Installer\1d2ef08.msi
+ 2011-05-06 21:44 . 2011-05-06 21:44 92672 c:\windows\Installer\1d2eeff.msi
+ 2011-04-27 15:57 . 2011-04-27 15:57 21504 c:\windows\Installer\11e55b8.msi
- 2006-05-31 04:41 . 2006-05-31 04:41 5632 c:\windows\system32\pndx5032.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 5632 c:\windows\system32\pndx5032.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 6656 c:\windows\system32\pndx5016.dll
- 2006-05-31 04:41 . 2006-05-31 04:41 6656 c:\windows\system32\pndx5016.dll
+ 2011-05-06 21:44 . 2011-05-06 21:44 198848 c:\windows\system32\rmoc3260.dll
+ 2006-05-31 04:41 . 2011-05-06 21:44 272896 c:\windows\system32\pncrt.dll
+ 2006-04-22 23:55 . 2011-05-10 22:17 131454 c:\windows\system32\nvModes.dat
+ 2006-05-01 18:30 . 2011-05-06 22:11 3817472 c:\windows\Installer\73c93.msi
- 2006-05-01 18:30 . 2011-04-26 12:23 3817472 c:\windows\Installer\73c93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Venturi Configurator"="c:\program files\Venturi2\Configurator\ventcfg.exe" [2004-03-08 680063]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2005-10-28 118784]
"HostManager"="c:\program files\Common Files\AOL\1290459129\ee\AOLSoftware.exe" [2010-02-10 41800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"File Helper"="c:\program files\File Helper\2.3.0.8\FileHelper.exe" [2010-04-09 585184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [BU]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-06 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-22 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-15 813584]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-18 23:34 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/22/2011 9:11 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/22/2011 9:11 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/22/2011 9:13 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/22/2011 8:59 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/22/2011 9:11 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/22/2011 9:11 PM 88544]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:00 PM 14336]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2010 8:45 PM 135664]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/7/2011 9:53 PM 312152]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/15/2009 7:21 AM 10384]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/22/2011 9:11 PM 271480]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3DS Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [3/10/2010 2:10 AM 86016]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [1/22/2010 6:42 PM 462336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/22/2011 9:11 PM 55840]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 4:58 PM 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/9/2010 8:45 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/22/2011 9:11 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/22/2011 9:11 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\User_Feed_Synchronization-{2A7078BE-01C3-4591-B22D-FE734C6AB8DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2011-05-01 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\2.3.0.8\FileHelper.exe [2010-04-13 13:45]
.
2011-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 00:45]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 00:45]
.
2011-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3923555660-1190350133-623060438-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: %SYSTEMROOT%\system32\biolsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: {40F7E621-301F-4B07-848F-9259306DC1ED} = 208.67.220.220,208.67.222.222
TCP: {679427EA-E3FE-4F13-8ADB-F1C8E6FA0B22} = 208.67.220.220,208.67.222.222
TCP: {F87D22A7-0A8E-4D59-A1A6-0073BBF96B85} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Lee F. Mallory\Application Data\Mozilla\Firefox\Profiles\mbtr1unv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Adobe Reader Speed Launcher - c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\documents and settings\Lee F. Mallory\Application Data\Microsoft\services391.exe
SSODL-bestreak- - (no file)
AddRemove-{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1 - c:\program files\File Helper\2.5.3.0\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 21:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\8*Á*& ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Æ**& ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1336)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-05-10 21:05:53
ComboFix-quarantined-files.txt 2011-05-11 01:05
.
Pre-Run: 18,615,074,816 bytes free
Post-Run: 18,556,026,880 bytes free
.
- - End Of File - - 598861D00F3C9E792CED4C526F6FA58E

ken545
2011-05-11, 10:32
Good Morning,

I need to look over your Combofix log with a fine-tooth comb, in the meantime why don't you try installing Firefox 4 and see if it will work

http://www.mozilla.com/en-US/firefox/fx/


How are things running in general?

Lfmgtc59
2011-05-11, 11:36
KEN545

Good Morning...

Everything seems to be running OK.

I ran full scans of SpybotSD, Malwarebytes, IObit Security 360, and McAfee last night and all went well.

FireFox 4 is loaded and seems to be running fine.

There seems to be one or two "visual" differences to the interface (Taskbar color / format).

I have yet to reboot again.

I thought I would wait for you to finish your review - no sense in going back to the beginning again if there was something we needed to do before I rebooted now we are this far along.

Thank You

Lee

Lfmgtc59
2011-05-11, 12:37
KEN545

OK it appears there are still more issues, so I wanted to update you in case it was pertinent to your review of the CF log...

1. Calling up a second IE window, the window does a couple of strange things:

a. Window flashes up and then off
b. Window comes all the way up to home page, then flashes off

2. Opening linked IE window from email in new window only works sporadically and exhibits the symptoms above, but I was able to get it to work once (this session I am typing in now).

3. Opening a new tab from email link, the tab opens, but never finds the page being looked for, but does not error out either.

Thanks

Lee

ken545
2011-05-11, 13:07
Lee,

Open Internet Explorer and go to Tools > Manage Add Ons and remove all your add ons, you may have one or two that are causing problems

Lfmgtc59
2011-05-11, 13:20
KEN545

... My system just rebooted itself... don't know why exactly

Anyway it is in the middle of checking the "c" drive...

Should be back online in a minute or so and I will let you know how it comes back up

Lfmgtc59
2011-05-11, 13:35
Ok.. It's all back up and I still have IE operational - so I guess that is progress!!

I disabled all Toolbars and extensions (could not remove - not an option)

I removed all search providers but google

I removed all accelerators

no InPrivate Filtering present


Result:

Tabs seem to be opening fine

New windows seem to be opening fine


Lee

Lfmgtc59
2011-05-11, 13:41
... I hate to report this...

but since the reboot it looks like all my security software is blocked... again

none of it comes up...

Lee

Lfmgtc59
2011-05-11, 13:49
This is just plain weird...

SpybotSD will not come up at all

Malwarebytes comes up every 4th try pretty regularly

McAfee comes up every 4th try pretty regularly and if you shut it down and go right back in immediately it seems to come up.

Security 360 will not come up at all...

Everything else seems ok... seems


Thanks

Lee

Lfmgtc59
2011-05-11, 14:00
I seriously wish you were sitting here seeing this for yourself... this reminds me of when I was a CAD Manager over several offices and some of the network plotting issues we used to have - hard to believe if you were not there seeing it with your own eyes...

Now SpybotSD, Malwarebytes, and McAfee are all coming up fine... Security 360 is blocked.

Hopefully this makes some sense to you...

Lee

ken545
2011-05-11, 14:25
Lee,

When your computer reboots and goes right to Chkdsk, not always but it could be a warning that your hard drive is failing, what I would like you to do is post here and let them know about that and they can run you through some tests to check your drive, all us forums work together so link them to this thread so they can see what we have done. Just tell them about the reboot and going to Chkdsk and ask them if they can run you through some tests to check the health of your hard drive
http://forums.whatthetech.com/index.php?showforum=119


Then I would like you to drag aswMBR to the trash and download a fresh copy, just run the scan and post the log, just want to make sure the rootkit is gone

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Lfmgtc59
2011-05-11, 14:52
aswMBR is still blocked - I get the "google 404..." error I was before.

I will try the zip site


Lee

Lfmgtc59
2011-05-11, 15:17
OK I downloaded the zip version of aswMBR

I ran it and got a log file

Then everything went haywire...

The spybot site (this one) closed

The AOL site I run email through became very sluggish and closed

I was getting an almost constant hit to the HD

I did copy the log file to a thumb drive (see below)

I can get into IE, but my email is blocked.


aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-05-11 08:56:26
-----------------------------
08:56:26.921 OS Version: Windows 5.1.2600 Service Pack 2
08:56:26.921 Number of processors: 2 586 0xE08
08:56:27.031 ComputerName: LFM-01 UserName:
08:57:04.890 Initialize success
08:57:14.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:57:15.000 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
08:57:17.187 Disk 0 MBR read successfully
08:57:17.187 Disk 0 MBR scan
08:57:19.187 Disk 0 scanning sectors +195366465
08:57:19.234 Disk 0 scanning C:\WINDOWS\system32\drivers
08:57:36.484 Service scanning
08:57:41.328 Disk 0 trace - called modules:
08:57:41.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:57:41.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abb6030]
08:57:41.375 3 CLASSPNP.SYS[ba11905b] -> nt!IofCallDriver -> \Device\00000086[0x8ac419e8]
08:57:41.375 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac40940]
08:57:41.375 Scan finished successfully

ken545
2011-05-11, 15:30
There seems to be no end to the problems on this computer, we seem to take two steps forward and then three back, you may want to think about doing a windows repair, what this would do is reinstall windows on top of the current one and in the process will fix things as it installs, you won't lose any data.

The other option that I strongly recommend is to save all your data and then do a format and reinstall of windows, this will guarantee a nice clean stable operating system.

Before you make your choice, run this free online virus scanner, it may give us more info

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Lfmgtc59
2011-05-11, 15:44
This is the first real virus attack I have had on this computer. I am normally very careful and make sure I keep the anti-virus software up and running and up to date.

That said - I am back to being blocked from launching IE or FF

However, now all the virus software is unblocked.

It's like round and round we go, as if the virus is hiding in several locations - like fighting cancer.

OK... since I cannot run ESET online, can it be downloaded?

If not maybe the windows repair is the best option. I would really like to avoid the reformat... Besides, if I pull all the files off, what is to stop the sneaky virus from going with them? It seems impervious to any of the anti-virus,

Lee

Lfmgtc59
2011-05-11, 17:05
I rebooted in safe mode and reran combofix

That allowed me to regain functionality of IE

I am running the ESet now...

Will let you know the results


Thank You

Lee

Lfmgtc59
2011-05-11, 19:40
ESET is still running and at 37% complete

So far it has found 5 infected files

(1) Win32/Adware.Yontoo.A.application
(4) Win32/Bagle.gen.zip.worm


Lee

Lfmgtc59
2011-05-11, 20:30
KEN545

ESET Finished running, the log file is below...

***************
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity5.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PBHotbarShoppingReport16.zip Win32/Bagle.gen.zip worm
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
****************

How is it with all the programs we have run we are still finding viruses?

Thanks Again

Lee

ken545
2011-05-11, 20:41
There is no one silver bullet, this stuff hides

Most of it was removed by Spybot and is sitting in the Recovery folder, you need to open Spybot and go to that folder and remove it all


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again

C:\Program Files\Yontoo Layers\YontooIEClient.dll<--This file
C:\AOL Instant Messenger\AIM.exe<--This file


If the site is busy you can try this one
http://virusscan.jotti.org/en
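
Added example (not part of the thread and not code from any of the tools mentioned): a short triage script over the ESET log lines posted above, separating detections that sit in Spybot's Recovery folder (copies parked there by an earlier cleanup) from detections at live paths that still need a second opinion. The quarantine-folder marker and all function names are assumptions made for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Log lines copied from the ESET report posted earlier in this thread.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity5.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PBHotbarShoppingReport16.zip Win32/Bagle.gen.zip worm
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
"""

# Assumption: consecutive folder names that mark a cleanup tool's backup area.
QUARANTINE_DIRS = (
    ("spybot - search & destroy", "recovery"),
)


def parse_line(line):
    """Split 'path threat kind' from the right; the path may contain spaces."""
    parts = line.strip().rsplit(None, 2)
    if len(parts) != 3 or "/" not in parts[1]:
        return None  # blank line, separator row, or unrecognised format
    path, threat, kind = parts
    return {"path": PureWindowsPath(path), "threat": threat, "kind": kind}


def in_quarantine(path):
    """True if a configured quarantine folder sequence appears in the path."""
    folders = [p.lower() for p in path.parts[:-1]]
    for marker in QUARANTINE_DIRS:
        n = len(marker)
        for i in range(len(folders) - n + 1):
            if tuple(folders[i:i + n]) == marker:
                return True
    return False


def triage(log_text):
    """Return (quarantined, live) lists of parsed detections."""
    quarantined, live = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        (quarantined if in_quarantine(rec["path"]) else live).append(rec)
    return quarantined, live


def summarize(records):
    """Count detections per threat name."""
    return Counter(r["threat"] for r in records)


if __name__ == "__main__":
    quarantined, live = triage(ESET_LOG)
    print("Already in quarantine (purge from the tool's recovery list):")
    for threat, count in summarize(quarantined).items():
        print(f"  {count} x {threat}")
    print("Live paths (candidates for a multi-engine second opinion):")
    for rec in live:
        print(f"  {rec['path']}  [{rec['threat']} {rec['kind']}]")
```
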

Lfmgtc59
2011-05-11, 21:09
I removed all items in the Spybot recovery

I checked my computer and my settings already match those described

Following are the results of the virustotal scan:

YontooIEClient.dll
********************
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: YontooIEClient.dll
Submission date: 2011-05-11 19:01:16 (UTC)
Current status: queued queued (#33) analysing finished


Result: 5/ 42 (11.9%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.05.12.00 2011.05.11 -
AntiVir 7.11.7.240 2011.05.11 -
Antiy-AVL 2.0.3.7 2011.05.11 -
Avast 4.8.1351.0 2011.05.11 -
Avast5 5.0.677.0 2011.05.11 -
AVG 10.0.0.1190 2011.05.11 Generic4.BJMH
BitDefender 7.2 2011.05.11 -
CAT-QuickHeal 11.00 2011.05.11 -
ClamAV 0.97.0.0 2011.05.11 -
Commtouch 5.3.2.6 2011.05.11 -
Comodo 8664 2011.05.11 -
DrWeb 5.0.2.03300 2011.05.11 -
Emsisoft 5.1.0.5 2011.05.11 Adware.Win32.Yontoo.A!A2
eSafe 7.0.17.0 2011.05.11 -
eTrust-Vet 36.1.8320 2011.05.11 -
F-Prot 4.6.2.117 2011.05.11 -
F-Secure 9.0.16440.0 2011.05.11 -
Fortinet 4.2.257.0 2011.05.11 -
GData 22 2011.05.11 -
Ikarus T3.1.1.103.0 2011.05.11 -
Jiangmin 13.0.900 2011.05.11 -
K7AntiVirus 9.103.4624 2011.05.11 -
Kaspersky 9.0.0.837 2011.05.11 -
McAfee 5.400.0.1158 2011.05.11 -
McAfee-GW-Edition 2010.1D 2011.05.11 -
Microsoft 1.6802 2011.05.11 -
NOD32 6114 2011.05.11 Win32/Adware.Yontoo.A
Norman 6.07.07 2011.05.11 -
Panda 10.0.3.5 2011.05.11 -
PCTools 7.0.3.5 2011.05.11 -
Prevx 3.0 2011.05.11 Medium Risk Malware
Rising 23.57.02.05 2011.05.11 -
Sophos 4.65.0 2011.05.11 -
SUPERAntiSpyware 4.40.0.1006 2011.05.11 -
Symantec 20101.3.2.89 2011.05.11 -
TheHacker 6.7.0.1.195 2011.05.11 -
TrendMicro 9.200.0.1012 2011.05.11 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.11 -
VBA32 3.12.16.0 2011.05.11 Adware.Yontoo.a
VIPRE 9255 2011.05.11 -
ViRobot 2011.5.11.4453 2011.05.11 -
VirusBuster 13.6.349.0 2011.05.11 -
Additional information
MD5 : 5f64ba4352c817acbacfe5eae0f90907
SHA1 : cba30233a62cda1fd82a515891aa91acd9bd8986
SHA256: 17a997737de14e41ea89b89e926d293a2030b612e44eeb7b7c87d8047afa4fc4


AIM.exe
***************************
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: AIM.exe
Submission date: 2011-05-11 19:05:42 (UTC)
Current status: queued (#35) queued (#36) analysing finished


Result: 5/ 42 (11.9%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.05.12.00 2011.05.11 -
AntiVir 7.11.7.240 2011.05.11 -
Antiy-AVL 2.0.3.7 2011.05.11 -
Avast 4.8.1351.0 2011.05.11 -
Avast5 5.0.677.0 2011.05.11 -
AVG 10.0.0.1190 2011.05.11 -
BitDefender 7.2 2011.05.11 -
CAT-QuickHeal 11.00 2011.05.11 -
ClamAV 0.97.0.0 2011.05.11 -
Commtouch 5.3.2.6 2011.05.11 -
Comodo 8664 2011.05.11 -
DrWeb 5.0.2.03300 2011.05.11 Adware.Aws
eSafe 7.0.17.0 2011.05.11 Win32.Looked.P
eTrust-Vet 36.1.8320 2011.05.11 -
F-Prot 4.6.2.117 2011.05.11 -
F-Secure 9.0.16440.0 2011.05.11 -
Fortinet 4.2.257.0 2011.05.11 -
GData 22 2011.05.11 -
Ikarus T3.1.1.103.0 2011.05.11 -
Jiangmin 13.0.900 2011.05.11 -
K7AntiVirus 9.103.4624 2011.05.11 -
Kaspersky 9.0.0.837 2011.05.11 -
McAfee 5.400.0.1158 2011.05.11 -
McAfee-GW-Edition 2010.1D 2011.05.11 -
Microsoft 1.6802 2011.05.11 -
NOD32 6114 2011.05.11 Win32/Adware.WBug.A
Norman 6.07.07 2011.05.11 -
nProtect 2011-05-11.02 2011.05.11 -
Panda 10.0.3.5 2011.05.11 -
PCTools 7.0.3.5 2011.05.11 -
Prevx 3.0 2011.05.11 -
Rising 23.57.02.05 2011.05.11 -
Sophos 4.65.0 2011.05.11 DataApp
SUPERAntiSpyware 4.40.0.1006 2011.05.11 -
Symantec 20101.3.2.89 2011.05.11 -
TheHacker 6.7.0.1.195 2011.05.11 -
TrendMicro 9.200.0.1012 2011.05.11 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.11 -
VBA32 3.12.16.0 2011.05.11 Win32.Adware.WBug.A
VIPRE 9255 2011.05.11 -
ViRobot 2011.5.11.4453 2011.05.11 -
VirusBuster 13.6.349.0 2011.05.11 -
Additional information
MD5 : 2816c9d1c6fb95c534540222aff48f20
SHA1 : 953615d05c69fb328820291d52a55be8c5615943
SHA256: 4b13d273eb8f04580926a2048b7234e8eb172debe2e2b717a9bdcdd2a28b1a09
ssdeep: 98304:LD1pAHP10sA4UUaBWO2lliuIrLdD6vPFphtr3S:9oPqsA4UZBpvPLMvPFztbS
File size : 4466776 bytes
First seen: 2006-08-30 04:15:17
Last seen : 2011-05-11 19:05:42
TrID:
Wise Installer executable (97.5%)
Win32 Executable Generic (1.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
sigcheck:
publisher....: America Online
copyright....: America Online
product......: n/a
description..: Setup
original name: n/a
internal name: n/a
file version.: 5.9.3702
comments.....: n/a
signers......: America Online, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 0:49 09/12/2004
verified.....: -

PEiD: Wise Installer Stub
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x370D108F (Thu Apr 08 20:24:47 1999)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1FE, 0x200, 5.55, f155a70bb31aab4a8c58b0f9d57db03c
.rdata, 0x2000, 0x215, 0x400, 2.84, 6f58ca49378072d460147a07b96a95fd
.data, 0x3000, 0x14, 0x200, 0.27, e146e7c47bdf7b7c953201f0721505e1
.rsrc, 0x4000, 0x441000, 0x440600, 8.00, 58999a71d90d70e610523cfef901ca0a

[[ 2 import(s) ]]
KERNEL32.dll: CreateFileMappingA, WaitForSingleObject, CreateProcessA, GetCommandLineA, CloseHandle, UnmapViewOfFile, WriteFile, MapViewOfFile, DeleteFileA, GetTempFileNameA, GetTempPathA, CreateFileA, GetShortPathNameA, GetModuleFileNameA
USER32.dll: wsprintfA

ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 512
CompanyName: America Online
EntryPoint: 0x1000
FileFlagsMask: 0x003f
FileOS: Windows 16-bit
FileSize: 4.3 MB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.9.3702
FileVersionNumber: 5.9.3702.0
ImageVersion: 0.0
InitializedDataSize: 4460032
LanguageCode: English (U.S.)
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 5.9.3702.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1999:04:08 22:24:47+02:00
UninitializedDataSize: 0
XX: |,LegalCopyright
XXXXXXXXXXXXXXXXXXXXXXXX: ,FileDescription
ricaOnline: XXXXXXXXXXXXXXXXXXXXXXXXXXX
up: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



VT Community

ken545
2011-05-12, 00:07
C:\Program Files\Yontoo Layers
C:\AOL Instant Messenger

I would uninstall both these programs, give me a break, who uses AOL anymore :)


What I would like you to do is use your computer for a day or two and then post back and let me know how it's running

Lfmgtc59
2011-05-12, 00:16
I cannot find Yontoo to uninstall, shall I just find and delete the file?

ken545
2011-05-12, 00:21
Sure, go for it

Lfmgtc59
2011-05-12, 00:30
KEN545

AOL Instant Messenger and Yontoo both deleted. I actually "shredded" them with McAfee Data protection set to its most secure level... so they should be gone.

I have rebooted and all came up OK this time, everything running.

I agree I probably at this point just need to run with it a couple of days to see what happens.

I need to take it on the road anyway as I have an out of town interview tomorrow and won't be back until Saturday. Should be a good test.

So probably sometime Saturday or Sunday I will give you an update if that will work.

Can you keep the thread open until then since it is past the 3 days?

I really appreciate all the effort you have put into this for me. Do the donations go to you or the site?

Thank You Very Much :-)

Lee

ken545
2011-05-12, 00:44
No problem Lee, my pleasure, sure, I will keep the thread open until you return. The donations go to Safer and that's fine with me

Lfmgtc59
2011-05-17, 18:59
KEN545

Well... everything ran fine until this afternoon.

I let the computer go into hibernation for the first time this afternoon and when I woke it up I was locked out of IE...

I ran the following:

TDSKiller
rkill
useRiNiT
WinlOgOn
OTE
Combofix

Rebooted and ran FixMBR during boot

Rebooted again

Now it works again fine.

Maybe I got ahead of myself, but figured running the same processes through that did the job the first time might get things up and running again.

So... Is there any way to "flush" out the hibernation file? Or am I jumping to a conclusion that the virus is "embedded" in the hibernation file?

Anyway.

I'm interested in your take on this.

Thank You

Lee

ken545
2011-05-17, 19:41
I have never been a fan of Hibernation, have seen it cause all sorts of problems. Take it out of Hibernation and just have it go to sleep

Lfmgtc59
2011-05-17, 20:20
KEN545

By "sleep" do you mean "standby"?

Thanks

Lee

ken545
2011-05-18, 02:10
Yes, you can go to the Control Panel under Power Options and reset it. Have it just go to stand by or sleep. You can change it to shut off your monitor after a certain time period also if you wish, but stay away from Hibernation