gmer log - others won't work


Roon

Thank you for your help. I have Windows XP Home on this machine. Besides Malwarebytes, I was using AVG for my virus. It was up to date but expired about Thursday. My internet was down. When my internet came back up, I noticed that Comcast had installed McAfee and I decided to use that instead of paying for AVG update. I'm not married to that if that is a bad idea. I also kept my Malwarebytes up to date and have a paid subscription to it. There is no free space but I delete files and that doesn't seem to free space up. My system did not come with discs for Windows just a restore operating system. I had already deleted temp files but I just installed the hard drive so very little had built up.

DDS wouldn't work. "Unknown Error"

Defogger wouldn't work "Unable to operate create file"

Here is the log from gmer. It would not create the file (disk full) so I copied and pasted. It did seem to have an error or message or two that flashed by in the beginning but I didn't catch what they were or said.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-05 18:38:13

Windows 5.1.2600 Service Pack 3

Running: nqyby96b.com

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B84639015731CB44CBE593FB79D735AF\Usage@PDFCreate32 1025835108

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 3319

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Meg\My Documents\restored laptop\Drive©\Documents and Settings\Meg\Application Data\Macromedia\Flash Player\#SharedObjects\BSVED63S\g-ecx.images-amazon.com\images\G\01\digital\music\swfs\AlbumSampler_Localized_Prod._V228929840_.swf\AlbumSampler.sol 52 bytes

---- EOF - GMER 1.0.15 ----

Again, thank you in advance!

Meg

Hello Meg,

Do you mean this system is out of free space? or extremely close to it?

There is no free space but I delete files and that doesn't seem to free space up.

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • If prompted to Reboot, reply "Yes".

Next: Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Next, use My Computer {Windows Explorer}. Look at the My Computer selection. How much free space is there?

Ok, wasn't quite as easy as that but I eventually was able to trick the computer into running it. It seemed to help already, my internet looks normal again.

When I look at properties, my hard drive is now showing pink again with 85.1 GB free.

Am I repaired or are there still steps to take?

Thank you once again!

Meg

Edited by Maurice Naggar
Quoted section removed
No, we aren't done. There's more checking to start with. I need to see other reports.

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds or

http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please include the following logs ( Copy & Paste) in your next reply:

DDS.txt

Attach.txt

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

When starting a reply, please only use the AddReply button at lower left of forum screen.

Here you go. I am SO impressed by the level of help. You guys deserve an award! Thank you!

DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Meg at 11:53:20.82 on Mon 09/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1029 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Xfinity TV\Xfinity TV Downloads Media Manager\MediaManager.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Meg\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://dogpile.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBDef] MBDef.Exe

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe

mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe

mRun: [Nuance PDF Professional 6-reminder] "c:\program files\nuance\pdf professional 6\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf professional 6\ereg\Ereg.ini"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xfinit~1.lnk - c:\program files\xfinity tv\xfinity tv downloads media manager\MediaManager.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-21 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-21 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-21 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-21 108552]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-7-27 134944]

R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-8-21 297752]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-9-3 24576]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-09-05 20:27:37 0 ----a-w- C:\kxloapog.sys

2010-09-05 18:00:32 0 d-----w- c:\program files\Trend Micro

2010-09-05 17:46:22 44544 ----a-w- c:\windows\system32\agremove.exe

2010-09-04 02:27:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-09-04 02:27:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-09-04 02:27:30 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-09-04 02:08:16 0 d-----w- c:\docume~1\meg\applic~1\Teleca

2010-09-04 02:07:52 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC

2010-09-04 02:07:47 0 d-----w- c:\program files\common files\Teleca Shared

2010-09-04 02:07:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca

2010-09-04 02:05:58 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-09-04 02:05:58 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-09-04 02:05:53 0 d-----w- c:\program files\Spirent Communications

2010-09-04 02:05:46 0 d-----w- c:\program files\HTC

2010-09-03 20:49:58 0 d-----w- c:\docume~1\meg\applic~1\Intuit

2010-09-03 20:49:18 0 d-----w- c:\program files\common files\AnswerWorks 5.0

2010-09-03 20:15:24 0 d-----w- c:\program files\iPod

2010-09-03 20:14:43 0 d-----w- c:\program files\iTunes

2010-09-03 18:41:18 0 d-----w- c:\program files\TurboTax

2010-09-03 14:02:11 0 d-----w- c:\program files\Xfinity TV

2010-09-03 13:33:03 0 d-----w- c:\program files\Windows Media Connect 2

2010-09-03 13:31:42 0 d-----w- c:\windows\system32\LogFiles

2010-09-03 06:42:14 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-09-03 06:42:12 0 d-----w- c:\program files\McAfee Security Scan

2010-09-01 05:11:02 0 d-----w- c:\program files\Baarns

2010-08-30 20:38:29 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-30 20:38:29 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-08-30 20:36:54 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-30 20:33:21 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-08-30 20:33:21 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-08-30 20:31:49 0 d-----w- c:\program files\Bonjour

2010-08-28 00:52:59 0 d-----w- c:\program files\common files\Motive

2010-08-27 15:24:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-08-27 15:24:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-08-27 15:22:19 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-08-27 15:08:22 74528 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-27 15:07:34 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-08-27 15:07:34 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-08-27 13:28:53 0 d-----w- c:\windows\system32\wbem\Repository

2010-08-26 03:46:13 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cb44d13ae5dcac.mof

2010-08-25 05:11:04 0 d-----w- c:\documents and settings\meg\Philips backup

2010-08-25 03:35:27 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-08-25 03:35:27 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-08-25 03:35:22 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2010-08-25 03:35:12 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2010-08-25 02:37:02 0 d-----w- c:\docume~1\meg\applic~1\Nuance

2010-08-25 02:36:58 0 d-----w- c:\docume~1\meg\applic~1\FLEXnet

2010-08-23 23:25:32 0 d-----w- C:\123ca2a33f23cf854b66aa

2010-08-23 23:01:57 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat

2010-08-23 20:20:02 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-23 20:11:47 0 d-----w- c:\program files\Intuit

2010-08-23 20:11:47 0 d-----w- c:\program files\common files\Intuit

2010-08-23 20:11:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

2010-08-23 19:36:26 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini

2010-08-23 19:36:24 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11

2010-08-23 19:36:08 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES

2010-08-23 19:28:22 0 d-----w- c:\windows\system32\XPSViewer

2010-08-23 19:26:00 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-23 19:26:00 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-23 19:26:00 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-23 19:25:59 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-23 19:25:59 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-23 19:25:59 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-23 19:25:59 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-23 19:25:58 0 d-----w- C:\83d2f382e70aa8b986f70d31

2010-08-23 18:21:14 0 ----a-w- c:\windows\tosOBEX.INI

2010-08-23 17:15:07 0 d-----w- c:\windows\Intuit

2010-08-23 15:45:29 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-08-23 15:45:29 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2010-08-23 15:45:18 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-08-23 15:45:18 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2010-08-23 15:45:11 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-08-23 15:45:11 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-08-23 15:44:54 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-08-23 15:44:54 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2010-08-23 13:15:40 726008 ----a-w- c:\documents and settings\meg\gotomypc_438.exe

2010-08-22 13:35:36 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-22 13:35:36 215920 ----a-w- c:\windows\system32\muweb.dll

2010-08-22 13:35:36 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-08-21 04:34:33 0 d-----w- c:\docume~1\meg\applic~1\Zeon

2010-08-21 04:34:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance

2010-08-21 04:33:34 0 d-----w- c:\docume~1\alluse~1\applic~1\zeon

2010-08-21 04:33:30 0 d-----w- c:\program files\common files\ScanSoft Shared

2010-08-21 04:33:02 0 d-----w- c:\program files\Nuance

2010-08-21 04:12:38 0 d-----w- c:\docume~1\meg\applic~1\AVG8

2010-08-21 04:12:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-21 04:12:06 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-08-21 04:12:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-21 04:11:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-21 04:11:56 0 d-----w- c:\windows\system32\drivers\Avg

2010-08-21 04:11:53 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-21 04:11:42 0 d-----w- c:\program files\AVG

2010-08-21 04:11:42 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8

2010-08-21 03:19:34 0 d-----w- c:\program files\Pure Networks

2010-08-21 03:13:41 0 d-----w- c:\program files\WebEx

2010-08-21 03:13:06 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2010-08-21 03:12:50 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2010-08-21 03:12:47 0 d-----w- c:\program files\common files\Pure Networks Shared

2010-08-21 03:12:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

2010-08-21 01:52:10 0 d-----w- c:\docume~1\meg\applic~1\Malwarebytes

2010-08-21 01:52:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-21 01:52:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-21 01:44:32 17920 ----a-w- c:\windows\system32\mdimon.dll

2010-08-21 01:43:03 0 d-----w- c:\windows\SHELLNEW

2010-08-21 00:55:32 0 d-sh--w- c:\documents and settings\meg\IECompatCache

2010-08-21 00:55:24 376 ----a-w- c:\windows\ODBC.INI

2010-08-21 00:54:51 0 d-sh--w- c:\documents and settings\meg\PrivacIE

2010-08-21 00:45:34 0 d-sh--w- c:\documents and settings\meg\IETldCache

2010-08-21 00:41:27 0 dc-h--w- c:\windows\ie8

2010-08-21 00:17:53 0 d-----w- c:\windows\system32\scripting

2010-08-21 00:17:53 0 d-----w- c:\windows\l2schemas

2010-08-21 00:17:52 0 d-----w- c:\windows\system32\en

2010-08-21 00:17:52 0 d-----w- c:\windows\system32\bits

2010-08-21 00:16:57 0 d-----w- c:\windows\ServicePackFiles

2010-08-21 00:15:43 0 d-----w- c:\docume~1\meg\applic~1\Intel

2010-08-21 00:14:49 4128 ----a-w- C:\INFCACHE.1

2010-08-21 00:13:16 0 d-----w- c:\windows\EHome

2010-08-21 00:10:15 8192 ----a-w- c:\windows\REGLOCS.OLD

2010-08-21 00:09:01 61 ----a-w- c:\windows\smscfg.ini

2010-08-21 00:06:58 999 ------w- c:\windows\system32\dllcache\bktrh.gif

2010-08-21 00:02:34 0 d-sh--w- c:\documents and settings\meg\UserData

2010-08-20 23:57:14 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2010-08-20 23:55:36 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-08-20 23:55:25 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-08-20 23:54:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-20 23:48:41 0 d-----w- c:\windows\system32\PreInstall

2010-08-20 23:37:14 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-08-20 23:33:50 0 d-----w- c:\windows\pss

2010-08-20 23:32:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2010-08-20 23:32:09 0 d-----w- c:\program files\Citrix

2010-08-20 23:32:02 61224 ----a-w- c:\documents and settings\meg\GoToAssistDownloadHelper.exe

2010-08-20 21:41:51 33 ----a-w- c:\windows\SAENSystems.sni

2010-08-20 21:41:51 26 ----a-w- c:\windows\VoiceCenter.vci

2010-08-20 21:41:35 44032 ------w- c:\windows\system32\CTSVCCDA.EXE

2010-08-20 21:41:35 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2010-08-20 21:41:30 0 d-----w- c:\program files\common files\Creative

2010-08-20 21:41:29 0 d--h--w- c:\program files\Creative Installation Information

2010-08-20 21:41:25 647872 ------w- c:\windows\system32\Mscomct2.ocx

2010-08-20 21:41:25 41984 ------w- c:\windows\Ctregrun.exe

2010-08-20 21:41:22 90112 ------w- c:\windows\Updreg.EXE

2010-08-20 21:41:09 10820 ----a-w- c:\windows\system32\CTSBMB.INI

2010-08-20 21:41:09 0 d-----w- c:\windows\system32\Data

2010-08-20 21:40:58 9728 ------w- c:\windows\system32\drivers\PfModNT.sys

2010-08-20 21:23:14 0 d-----w- c:\program files\Creative

2010-08-20 21:23:07 0 d-----w- c:\program files\Digital Line Detect

2010-08-20 21:23:00 0 d-----w- c:\program files\NetWaiting

2010-08-20 21:22:53 0 d-----w- c:\program files\Modem Helper

2010-08-20 21:22:50 0 d-----w- c:\program files\Dell

2010-08-20 21:22:45 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS

2010-08-20 21:21:08 0 d-----w- c:\program files\CONEXANT

2010-08-20 21:21:01 0 d-----w- c:\program files\Sigmatel

2010-08-20 21:20:15 0 d-----w- c:\program files\BlueTooth

2010-08-20 21:19:37 0 d-----w- c:\program files\Toshiba

2010-08-20 21:19:34 0 d-----w- c:\program files\Intel, Inc

2010-08-20 21:19:13 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-08-20 21:18:44 0 d-----w- c:\program files\Broadcom

2010-08-20 21:18:28 0 d-----w- c:\program files\Synaptics

2010-08-20 21:14:56 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

2010-08-20 21:12:50 0 d-----w- c:\program files\MSXML 4.0

2010-08-20 21:07:53 17051 ----a-w- c:\windows\system32\nvModes.001

2010-08-20 21:07:51 17051 ----a-w- c:\windows\system32\nvModes.dat

2010-08-20 21:04:21 30098 ----a-w- c:\windows\system32\nvapps.xml

2010-08-20 21:04:21 176128 ----a-w- c:\windows\system32\nvudisp.exe

2010-08-20 21:04:21 14757 ----a-w- c:\windows\system32\nvdisp.nvu

2010-08-20 21:04:21 0 d-----w- c:\windows\nview

2010-08-20 21:04:09 0 d-----w- c:\windows\system32\ReinstallBackups

2010-08-20 21:03:28 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2010-08-20 21:03:28 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys

2010-08-20 21:03:27 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys

2010-08-20 21:03:18 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys

2010-08-20 21:03:04 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-08-20 21:03:03 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2010-08-20 21:03:03 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys

2010-08-20 19:22:27 9728 ----a-w- c:\windows\system32\wceprv.dll

2010-08-20 19:22:27 49152 ----a-w- c:\windows\system32\instw32.exe

2010-08-20 19:22:27 32256 ----a-w- c:\windows\system32\instd32.exe

2010-08-19 12:57:09 6857 ---ha-r- C:\dell.sdr

2010-08-19 12:54:57 787512 ----a-w- c:\windows\Dell.bmp

2010-08-19 12:54:24 1711104 ----a-w- c:\windows\system32\drivers\NETw3x32.sys

2010-08-19 12:54:23 561152 ----a-w- c:\windows\system32\NETw3c32.dll

2010-08-19 12:54:23 2732032 ----a-w- c:\windows\system32\NETw3r32.dll

2010-08-19 12:54:19 44544 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys

2010-08-19 12:54:19 0 d-----w- C:\drivers

2010-08-19 12:54:15 6857 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_9400.mrk

2010-08-19 12:52:45 96310 ----a-w- c:\windows\system32\DELLWALL.BMP

2010-08-19 12:52:45 787356 ----a-w- c:\windows\system32\OEMBKGN1.BMP

2010-08-19 12:52:45 5134 ----a-w- c:\windows\system32\OEMLOGO.BMP

2010-08-19 12:52:45 1120 ----a-w- c:\windows\system32\OEMINFO.INI

2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-20 21:16:30 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-18 11:39:18 16896 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 11:53:46.23 ===============

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/20/2010 8:15:29 PM

System Uptime: 9/6/2010 11:43:39 AM (0 hours ago)

Motherboard: Dell Inc. | | 0YD479

Processor: Genuine Intel® CPU T1300 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 3.915 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP62: 9/6/2010 1:53:23 AM - System Checkpoint

RP63: 9/6/2010 3:01:53 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Acronis

Link to post
Share on other sites

I am SO impressed by the level of help. You guys deserve an award! Thank you!

:blink: Your note is much appreciated and touching.

This last DDS log shows the system has AVG antivirus, and also, McAfee Security Scan.

I would personally suggest you remove both and switch to Avira AntiVir free edition -- as long as this is a home system for personal use.

Let me know what you decide.

My impression of AVG is not favorable. I have seen too many infected systems that happened to also have AVG.

The McAfee, we can't tell how you came about to have it.

Advise me of your inclination. I'll need to guide you properly if you switch.

Meantime, proceed with these steps:

Step 1

Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 2

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Step 3

Please download & save Malwarebytes Anti-Malware from

http://www.malwarebytes.org/mbam-download.php or

http://www.besttechie.net/tools/mbam-setup.exe or

http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

Reply with copy of contents of the Dr Web Cure-It log

and the MBAM scan log

and Checkup.txt

Link to post
Share on other sites

cannot launch Dr. Cure-it.

First when I try, I get a message that flashes so fast on the screen that you can't read it. I finally realized if I was fast, I could do a print screen and paste that elsewhere to read. Once I did that, I clicked ok to run in EMP mode. Then I received a message that says:

91efac.exe - application Error

The application failed to initialize property (0xc0000142). Click ok to terminate the application.

So next time I clicked "ok" and did it again, this time choosing "cancel" which runs it in the other mode. I didn't get any choices or screens that time, but the light is flashing on my hard drive as if it could be doing something.

Well, now it looks like I need to start all over because the message is back that my machine is low on disk space.

Link to post
Share on other sites

Let's forget the DrWeb Cure-It scan. Let's don't run it. Find where you saved it, and delete it. Then Empty the Recycle Bin.

Then find TFC from before and Run it again.

Then skip to my last note and get and run MBAM.

and I need for you to recheck again and tell me How much Free space is on your C Drive

Link to post
Share on other sites

Ok - I'm back to 85.6 Gigs of free space.

I'm not sure how the McAfee got loaded either, I think it was part of the load that Comcast did when I loaded the program to control my tv from my computer (don't have Comcast internet at this time). Since the AVG subscription is up this is a good time to switch. I just did some reading on Avira and I'm willing to give it a try.

I'm thinking I know how the file space problem came back. When I went to run the Dr. Web Cure it and it didn't seem to be working, I thought it might be safe to change file from .com back to .exe and run it thinking that might be the problem. I'm beginning to think that when I executed a .exe file, the virus or whatever this is was launched again. Therefore I'm wondering if it is still lurking since I've basically taken the same steps as last time. Only difference is that I ran TFC and it removed a bunch of problems, I rebooted and it removed more. So wondering if I should keep running and rebooting until that is a clean run?

Thanks AGAIN!!!!

Meg

Here is the log for malwarebytes:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4557

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/6/2010 6:29:20 PM

mbam-log-2010-09-06 (18-29-20).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 239418

Time elapsed: 2 hour(s), 22 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Bravo on "I'm back to 85.6 Gigs of free space."

You should not have to run TFC quite this often. But you certainly can keep the program, and you can run it on a periodic basis to empty out temporary files.

The MBAM scan found no malwares. So that is encouraging.

I'd like for you to do an online scan at Eset.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

RE-Enable your AntiVirus and AntiSpyware applications.

Copy and Paste the contents of the ESET Scan log.

Link to post
Share on other sites

Hi Maurice,

Well 16 hours later, nothing. I will post the log in a second. I've had to run the file to delete the temp files about 8 or 9 times. In fact, it is currently working at creating temp files because I'm losing a gig about every 60 or seconds or less. I have to run it in safe mode, it will not run in normal mode.

Can you send me the info on the virus program you mentioned please? I deleted the McAfee since I have no idea where it came from. I thought Comcast but I saw an ad and I think Comcast uses Nortons. I deleted the AVG when I was trying to get disk space to run the programs you were telling me to run.

Thanks again for all your help. I've got major deadlines and this isn't helping.

Meg

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=7d820e78b2129f4987c3cf689c493de4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-09 12:28:01

# local_time=2010-09-09 08:28:01 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 687118 687118 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=123149

# found=0

# cleaned=0

# scan_time=62723 :):)

Link to post
Share on other sites

As much as possible, run this in Normal mode of Windows. It's vital to see all that is running in Normal mode.

Step 1

Download RootRepeal from one of these links:

>> Link 1<<

or >>Link 2<<

or >>Link 3<<

  • SAVE the zip download to your Desktop.
  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Reply with copy of Rootrepeal log

Step 2

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to delete:
    C:\Kxloapog.sys

    Folders to delete:
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler


  • In the avenger window, click the Paste Script from Clipboard button.
  • ! Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with copy of Rootrepeal log

C:\Avenger.txt

the TDSSKILLER log

Link to post
Share on other sites
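The Avenger log requested in Step 2 above mixes real deletions with "not found" failures for targets that never existed, which is what "Not all the items will be found" refers to. The following triage script is an added example, not part of the original thread or of The Avenger; the `deleted successfully` / `Deletion of folder ... failed!` / `Status:` line shapes are the ones seen in Avenger logs posted in this thread, while the `Deletion of file` form, the access-denied entry and the `C:\example\locked.sys` path are constructed assumptions.

```python
import re

# NTSTATUS codes meaning "the target was not there to begin with".
# A script entry that fails with one of these is harmless.
ABSENT_CODES = {
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

OK_RE = re.compile(r'^(?:File|Folder) "(.+)" deleted successfully\.$')
# Assumption: a failed file deletion is logged in the same shape as a folder.
FAIL_RE = re.compile(r'^Deletion of (?:file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8})\b')


def triage_avenger_log(text):
    """Sort each scripted target into deleted / absent / needs_review."""
    result = {
        "deleted": [],        # removed on reboot
        "absent": [],         # never existed: nothing to follow up
        "needs_review": [],   # (path, ntstatus or None): still on disk
        "no_rootkits_reported": False,
    }
    pending = None  # path from a "failed!" line awaiting its Status: line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "No rootkits found!":
            result["no_rootkits_reported"] = True
            continue
        m = OK_RE.match(line)
        if m:
            result["deleted"].append(m.group(1))
            continue
        m = FAIL_RE.match(line)
        if m:
            if pending is not None:  # previous failure had no status line
                result["needs_review"].append((pending, None))
            pending = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            if code in ABSENT_CODES:
                result["absent"].append(pending)
            else:
                result["needs_review"].append((pending, code))
            pending = None
    if pending is not None:
        result["needs_review"].append((pending, None))
    return result


# Constructed sample in the log format shown in this thread; the last
# failure (access denied) is invented to exercise the follow-up path.
SAMPLE_LOG = r'''
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Kxloapog.sys" deleted successfully.
Folder "C:\recycler" deleted successfully.
Error: could not open folder "D:\recycler"
Deletion of folder "D:\recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist
Error: could not open file "C:\example\locked.sys"
Deletion of file "C:\example\locked.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
Completed script processing.
'''

if __name__ == "__main__":
    report = triage_avenger_log(SAMPLE_LOG)
    print("deleted:     ", report["deleted"])
    print("absent:      ", report["absent"])
    for path, code in report["needs_review"]:
        shown = "no status line" if code is None else hex(code)
        print("needs review:", path, shown)
```

Only the `needs_review` entries call for another pass; a target that failed with a not-found status was simply not on that drive.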

I can see that it is still there because my drive is filling up while we speak. Here are the logs:

Root Repeal

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/11 23:53

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_298.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\meg\local settings\temp\~df3141.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\meg\local settings\temp\~df3ed3.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\meg\local settings\temp\~df417e.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\meg\local settings\temp\~df57fe.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\meg\local settings\temp\~dfc0f1.tmp

Status: Allocation size mismatch (API: 393216, Raw: 16384)

Path: c:\documents and settings\meg\local settings\temp\~dff529.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt

Status: Size mismatch (API: 86526, Raw: 85930)

avenger below

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\Kxloapog.sys" deleted successfully.

Folder "C:\recycler" deleted successfully.

Error: could not open folder "D:\recycler"

Deletion of folder "D:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "e:\recycler"

Deletion of folder "e:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\recycler"

Deletion of folder "f:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\recycler"

Deletion of folder "g:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\recycler"

Deletion of folder "h:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Completed script processing.

*******************

Finished! Terminate.

Rkill

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Meg on 09/12/2010 at 0:12:33.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Meg\Desktop\rkill.com

Rkill completed on 09/12/2010 at 0:14:25.

And TDDS killer

2010/09/12 00:29:01.0937 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/12 00:29:01.0937 ================================================================================

2010/09/12 00:29:01.0937 SystemInfo:

2010/09/12 00:29:01.0937

2010/09/12 00:29:01.0937 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/12 00:29:01.0937 Product type: Workstation

2010/09/12 00:29:01.0937 ComputerName: DFJ080B1

2010/09/12 00:29:01.0937 UserName: Meg

2010/09/12 00:29:01.0937 Windows directory: C:\WINDOWS

2010/09/12 00:29:01.0937 System windows directory: C:\WINDOWS

2010/09/12 00:29:01.0937 Processor architecture: Intel x86

2010/09/12 00:29:01.0937 Number of processors: 1

2010/09/12 00:29:01.0937 Page size: 0x1000

2010/09/12 00:29:01.0937 Boot type: Normal boot

2010/09/12 00:29:01.0937 ================================================================================

2010/09/12 00:29:02.0859 Initialize success

2010/09/12 00:29:10.0875 ================================================================================

2010/09/12 00:29:10.0875 Scan started

2010/09/12 00:29:10.0875 Mode: Manual;

2010/09/12 00:29:10.0875 ================================================================================


2010/09/12 00:30:14.0156 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/09/12 00:30:14.0765 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/09/12 00:30:15.0953 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys

2010/09/12 00:30:16.0640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/12 00:30:17.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/12 00:30:17.0625 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/12 00:30:17.0968 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys

2010/09/12 00:30:18.0640 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/09/12 00:30:19.0234 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/09/12 00:30:19.0546 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/09/12 00:30:19.0796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/09/12 00:30:20.0109 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/09/12 00:30:20.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/12 00:30:21.0187 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/12 00:30:21.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/12 00:30:22.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/12 00:30:22.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/12 00:30:23.0125 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/12 00:30:24.0078 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/09/12 00:30:24.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/12 00:30:25.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/12 00:30:25.0843 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/09/12 00:30:26.0250 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2010/09/12 00:30:26.0593 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2010/09/12 00:30:27.0687 s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/09/12 00:30:28.0593 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/09/12 00:30:28.0984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/12 00:30:29.0781 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/12 00:30:30.0156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/12 00:30:30.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/12 00:30:31.0921 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/09/12 00:30:32.0468 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys

2010/09/12 00:30:33.0250 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/09/12 00:30:33.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/12 00:30:34.0281 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/12 00:30:34.0828 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/12 00:30:35.0781 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

2010/09/12 00:30:36.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/12 00:30:37.0546 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/12 00:30:38.0140 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/09/12 00:30:38.0406 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/09/12 00:30:38.0671 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/09/12 00:30:38.0921 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/09/12 00:30:39.0671 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/09/12 00:30:40.0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/12 00:30:40.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/12 00:30:41.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/12 00:30:42.0031 tdrpman (603d59923828c6c213b84b14cbf32083) C:\WINDOWS\system32\DRIVERS\tdrpman.sys

2010/09/12 00:30:42.0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/12 00:30:42.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/12 00:30:43.0625 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

2010/09/12 00:30:44.0125 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys

2010/09/12 00:30:44.0875 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

2010/09/12 00:30:45.0437 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/09/12 00:30:45.0718 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2010/09/12 00:30:46.0140 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2010/09/12 00:30:46.0625 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2010/09/12 00:30:47.0187 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2010/09/12 00:30:47.0718 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2010/09/12 00:30:48.0187 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2010/09/12 00:30:48.0718 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys

2010/09/12 00:30:49.0109 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2010/09/12 00:30:49.0671 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/12 00:30:50.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/09/12 00:30:51.0000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/12 00:30:52.0171 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/09/12 00:30:52.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/12 00:30:53.0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/12 00:30:53.0453 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/12 00:30:54.0000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/12 00:30:54.0406 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/12 00:30:54.0968 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/09/12 00:30:55.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/12 00:30:56.0125 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/09/12 00:30:56.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/09/12 00:30:56.0859 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/12 00:30:57.0703 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/12 00:30:58.0093 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/09/12 00:30:59.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/12 00:30:59.0968 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2010/09/12 00:31:01.0468 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/09/12 00:31:02.0593 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/12 00:31:02.0937 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/12 00:31:04.0562 ================================================================================

2010/09/12 00:31:04.0562 Scan finished

2010/09/12 00:31:04.0562 ================================================================================

2010/09/12 00:32:36.0687 Deinitialize success


Confirm for me that there's no filesharing app on this system, like limewire or any other "torrent".

Keep TFC (Temp File Cleaner) handy. Run it now.

Then, log off and restart the system into Safe Mode with Networking.

Run TFC once more.

Then,

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt


Thanks again for all the help. I do not have any filesharing app running. Here is the log.

ComboFix 10-09-11.04 - Meg 09/12/2010 13:03:35.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1773 [GMT -4:00]

Running from: c:\documents and settings\Meg\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Meg\GoToAssistDownloadHelper.exe

c:\windows\system32\Data

.


2010-08-20 21:16 . 2010-08-20 21:16 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-20 21:16 . 2010-08-20 21:16 -------- d-----w- c:\program files\Java

2010-08-20 21:12 . 2010-08-20 21:12 -------- d-----w- c:\program files\MSXML 4.0

2010-08-19 12:54 . 2010-08-19 12:54 6857 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_9400.mrk

2010-06-30 12:31 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-10 17:51 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-10 17:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-10 17:51 80384 ----a-w- c:\windows\system32\iccvid.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2007-11-15 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]

"nwiz"="nwiz.exe" [2005-12-15 1519616]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]

"MBDef"="MBDef.Exe" [2007-11-15 20480]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-08 2595480]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-08 905056]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-08 140568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-8-20 24576]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-6 1154848]

QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]

Xfinity TV Downloads Media Manager.lnk - c:\program files\Xfinity TV\Xfinity TV Downloads Media Manager\MediaManager.exe [2010-7-26 453736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-08-20 23:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

2007-11-15 19:15 1346893 ----a-w- c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avg8wd"=2 (0x2)

"McComponentHostService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 8.0\\QBDBMgrN.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/6/2010 4:03 PM 304464]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [7/27/2009 2:15 AM 134944]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/3/2010 10:05 PM 24576]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/6/2010 4:03 PM 20952]

S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://dogpile.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-12 13:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'lsass.exe'(936)

c:\windows\system32\relog_ap.dll

.

Completion time: 2010-09-12 13:08:53

ComboFix-quarantined-files.txt 2010-09-12 17:08

Pre-Run: 92,282,064,896 bytes free

Post-Run: 92,242,726,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 55808F2574E0D35410B9AFB336C94E50


There's a tv xfinity download app on this system. Has that been turned off?

If the system is not in Normal mode, then Logoff and Restart, and start Windows in normal mode.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

- Double click on Combo-Fix.exe { the red lion icon} & follow the prompts.

- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of the latest C:\Combofix.txt


I did download the xfinity which I was calling comcast when all of this began. I haven't been able to get it to work. It has not been on or showing as running in the applications or processes of the task manager. Since it isn't working, I will uninstall it, I can't see a way to turn it off since I can't turn it on.

I am confused in that you said to run Combofix again but then you say not to run it twice. Since I just ran it, I wanted to verify that you did mean for me to run it a second time.

Thank you again!!!!

Meg


I am confused in that you said to run Combofix again but then you say not to run it twice. Since I just ran it, I wanted to verify that you did mean for me to run it a second time.

Thank you again!!!!

Meg

Last run was in Safe mode with Networking. I'd like for you to have Windows in Normal mode, and then run Combo-fix one more time.

(yes, a second time)


Here you go - thanks again!

ComboFix 10-09-12.04 - Meg 09/13/2010 17:08:47.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1392 [GMT -4:00]

Running from: c:\documents and settings\Meg\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))

.

2010-09-12 20:10 . 2010-09-12 20:10 849184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks Enterprise Solutions 8.0\Components\DownloadQB18\EPatch\qbpatch.exe

2010-09-12 20:10 . 2010-09-12 20:10 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks Enterprise Solutions 8.0\Components\DownloadQB18\EPatch\msvcp71.dll

2010-09-12 20:10 . 2010-09-12 20:10 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks Enterprise Solutions 8.0\Components\DownloadQB18\EPatch\msvcr71.dll

2010-09-12 19:40 . 2010-09-13 14:01 6142 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks Enterprise Solutions 8.0\qbbackup.sys

2010-09-12 17:49 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-12 17:49 . 2010-09-12 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 17:49 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-12 15:49 . 2010-09-12 15:49 -------- d-----w- c:\program files\Common Files\supportsoft

2010-09-12 06:14 . 2007-06-28 18:09 1843200 ----a-w- c:\windows\system32\acXMLParser.dll

2010-09-12 06:14 . 2009-01-20 22:33 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2010-09-11 22:10 . 2010-09-12 03:59 -------- d-----w- C:\rootrepeal

2010-09-08 12:59 . 2010-09-08 12:59 -------- d-----w- c:\program files\ESET

2010-09-08 00:52 . 2010-09-08 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-07 12:58 . 2010-07-26 17:42 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll

2010-09-07 12:57 . 2010-07-26 17:42 111472 ----a-w- c:\windows\system32\gotomon.dll

2010-09-07 12:57 . 2010-09-07 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CitrixLogs

2010-09-07 01:54 . 2010-09-07 01:54 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb

2010-09-07 01:48 . 2010-09-07 01:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon

2010-09-07 00:33 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2010-09-05 18:00 . 2010-09-05 18:00 -------- d-----w- c:\program files\Trend Micro

2010-09-05 17:46 . 2010-09-06 03:05 44544 ----a-w- c:\windows\system32\agremove.exe

2010-09-04 02:27 . 2007-11-27 07:24 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-09-04 02:08 . 2010-09-04 02:08 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\HTC

2010-09-04 02:08 . 2010-09-04 02:27 -------- d-----w- c:\documents and settings\Meg\Application Data\Teleca

2010-09-04 02:07 . 2010-09-04 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC

2010-09-04 02:07 . 2010-09-04 02:07 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-09-04 02:07 . 2010-09-04 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2010-09-04 02:05 . 2009-06-10 20:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-09-04 02:05 . 2009-06-09 18:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-09-04 02:05 . 2010-09-04 02:05 -------- d-----w- c:\program files\Spirent Communications

2010-09-04 02:05 . 2010-09-04 02:07 -------- d-----w- c:\program files\HTC

2010-09-03 20:49 . 2010-09-03 20:49 -------- d-----w- c:\documents and settings\Meg\Application Data\Intuit

2010-09-03 20:49 . 2010-09-03 20:49 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0

2010-09-03 20:15 . 2010-09-03 20:15 -------- d-----w- c:\program files\iPod

2010-09-03 20:14 . 2010-09-03 20:17 -------- d-----w- c:\program files\iTunes

2010-09-03 20:03 . 2010-09-03 20:04 -------- d-----w- c:\program files\QuickTime

2010-09-03 19:53 . 2010-09-03 19:53 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-03 18:45 . 2010-09-03 18:45 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\IsolatedStorage

2010-09-03 18:41 . 2010-09-03 18:41 -------- d-----w- c:\program files\TurboTax

2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-09-03 14:02 . 2010-09-03 14:02 -------- d-----w- c:\program files\Xfinity TV

2010-09-03 13:33 . 2010-09-03 13:33 -------- d-----w- c:\program files\Windows Media Connect 2

2010-09-03 13:31 . 2010-09-03 13:32 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-09-03 13:31 . 2010-09-03 13:31 -------- d-----w- c:\windows\system32\LogFiles

2010-09-03 06:42 . 2010-09-03 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-02 16:09 . 2010-09-02 16:10 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-02 16:04 . 2010-09-02 16:04 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-09-02 16:04 . 2010-09-02 16:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-09-02 16:03 . 2010-09-05 18:03 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\Google

2010-09-02 16:02 . 2010-09-05 18:09 -------- d-----w- c:\program files\Google

2010-09-02 16:02 . 2010-09-02 16:04 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\Adobe

2010-09-01 05:11 . 2010-09-01 05:11 -------- d-----w- c:\program files\Baarns

2010-08-28 00:52 . 2010-08-28 00:53 -------- d-----w- c:\program files\Common Files\Motive

2010-08-28 00:52 . 2010-08-28 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

2010-08-27 15:22 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-08-27 15:08 . 2010-08-27 15:08 74528 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-08-27 15:07 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-08-27 15:07 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-08-27 13:28 . 2010-08-27 13:28 -------- d-----w- c:\windows\system32\wbem\Repository

2010-08-26 21:52 . 2010-09-13 20:44 379608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-25 05:11 . 2010-08-25 12:40 -------- d-----w- c:\documents and settings\Meg\Philips backup

2010-08-25 03:35 . 2010-08-25 03:35 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-08-25 03:35 . 2010-08-25 03:35 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-08-25 03:35 . 2010-08-25 03:35 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2010-08-25 03:35 . 2010-08-25 03:35 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2010-08-25 03:34 . 2010-08-25 03:35 -------- d-----w- c:\program files\Common Files\Acronis

2010-08-25 03:34 . 2010-08-25 03:34 -------- d-----w- c:\program files\Acronis

2010-08-25 02:37 . 2010-08-25 02:37 -------- d-----w- c:\documents and settings\Meg\Application Data\Nuance

2010-08-25 02:36 . 2010-08-25 02:36 -------- d-----w- c:\documents and settings\Meg\Application Data\FLEXnet

2010-08-24 01:32 . 2010-08-24 01:32 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\PCHealth

2010-08-24 01:27 . 2010-08-24 01:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit

2010-08-23 23:25 . 2010-08-23 23:33 -------- d-----w- C:\123ca2a33f23cf854b66aa

2010-08-23 20:56 . 2010-09-13 20:31 3784 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys

2010-08-23 20:53 . 2010-09-02 05:29 975648 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe

2010-08-23 20:53 . 2010-09-02 05:29 44832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe

2010-08-23 20:53 . 2010-08-23 20:53 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcp71.dll

2010-08-23 20:53 . 2010-08-23 20:53 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcr71.dll

2010-08-23 20:33 . 2010-09-03 20:51 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\Intuit

2010-08-23 20:20 . 2009-06-22 13:14 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-23 20:11 . 2010-09-12 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-08-23 20:11 . 2010-09-12 05:38 -------- d-----w- c:\program files\Intuit

2010-08-23 20:11 . 2010-09-03 18:46 -------- d-----w- c:\program files\Common Files\Intuit

2010-08-23 19:36 . 2010-08-23 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11

2010-08-23 19:36 . 2010-08-23 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

2010-08-23 19:28 . 2010-08-23 19:28 -------- d-----w- c:\windows\system32\XPSViewer

2010-08-23 19:28 . 2010-08-23 19:28 -------- d-----w- c:\program files\MSBuild

2010-08-23 19:28 . 2010-08-23 19:28 -------- d-----w- c:\program files\Reference Assemblies

2010-08-23 19:27 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-08-23 19:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-08-23 19:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-08-23 19:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-08-23 19:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-08-23 19:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-08-23 19:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-08-23 19:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-08-23 19:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-08-23 19:25 . 2010-08-23 19:27 -------- d-----w- C:\83d2f382e70aa8b986f70d31

2010-08-23 17:15 . 2010-08-23 17:15 -------- d-----w- c:\windows\Intuit

2010-08-23 16:22 . 2010-08-23 16:22 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\Toshiba

2010-08-23 15:45 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-08-23 15:45 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2010-08-23 15:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-08-23 15:45 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2010-08-23 15:45 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-08-23 15:45 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-08-23 15:44 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-08-23 15:44 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2010-08-23 13:15 . 2010-08-23 13:15 726008 ----a-w- c:\documents and settings\Meg\gotomypc_438.exe

2010-08-23 07:03 . 2010-08-23 07:03 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\Yahoo!

2010-08-23 07:00 . 2010-08-23 07:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-08-22 13:35 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-22 13:35 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-08-21 19:13 . 2010-09-13 20:59 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-21 19:03 . 2010-08-21 19:03 -------- d-----w- c:\documents and settings\Meg\Application Data\CyberLink

2010-08-21 19:03 . 2010-08-21 19:09 -------- d-----w- c:\documents and settings\Meg\Local Settings\Application Data\PowerDVD

2010-08-21 12:33 . 2010-08-21 04:11 1143064 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe

2010-08-21 04:35 . 2010-08-21 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2010-08-21 04:35 . 2010-09-13 20:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-21 04:34 . 2010-08-21 04:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Zeon

2010-08-21 04:34 . 2010-08-21 04:34 -------- d-----w- c:\documents and settings\Meg\Application Data\Zeon

2010-08-21 04:34 . 2010-08-21 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2010-08-21 04:33 . 2010-08-21 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\zeon

2010-08-21 04:33 . 2010-08-21 04:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2010-08-21 04:33 . 2010-08-21 04:33 -------- d-----w- c:\program files\Nuance

2010-08-21 04:33 . 2010-08-21 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-06 23:51 . 2010-09-06 23:51 -------- d-----w- c:\documents and settings\Adm\Application Data\Zeon

2010-09-06 23:49 . 2010-09-06 23:49 -------- d-----w- c:\documents and settings\Adm\Application Data\Teleca

2010-09-06 23:49 . 2010-09-06 23:49 -------- d-----w- c:\documents and settings\Adm\Application Data\Apple Computer

2010-09-04 02:27 . 2010-09-04 02:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-09-04 02:27 . 2010-09-04 02:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-09-03 20:15 . 2010-08-30 20:31 -------- d-----w- c:\program files\Common Files\Apple

2010-09-02 05:30 . 2010-08-23 20:54 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe

2010-09-02 05:30 . 2010-08-23 20:54 1394440 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe

2010-09-02 05:30 . 2010-08-23 20:54 24328 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll

2010-08-30 21:21 . 2010-08-30 20:39 -------- d-----w- c:\documents and settings\Meg\Application Data\Apple Computer

2010-08-30 20:38 . 2010-08-30 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-30 20:36 . 2010-08-30 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-30 20:34 . 2010-08-30 20:34 -------- d-----w- c:\program files\Apple Software Update

2010-08-30 20:31 . 2010-08-30 20:31 -------- d-----w- c:\program files\Bonjour

2010-08-30 20:31 . 2010-08-30 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-27 15:24 . 2010-08-27 15:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-08-27 15:24 . 2010-08-27 15:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-08-23 20:54 . 2010-08-23 20:54 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll

2010-08-23 20:54 . 2010-08-23 20:54 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlsock10.dll

2010-08-23 20:54 . 2010-08-23 20:54 267568 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll

2010-08-23 20:54 . 2010-08-23 20:54 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll

2010-08-23 20:54 . 2010-08-23 20:54 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll

2010-08-23 20:54 . 2010-08-23 20:54 791856 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblgen10.dll

2010-08-23 20:54 . 2010-08-23 20:54 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe

2010-08-23 20:54 . 2010-08-23 20:54 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblib10.dll

2010-08-23 20:54 . 2010-08-23 20:54 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbcon10.dll

2010-08-23 20:54 . 2010-08-23 20:54 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbtool10.dll

2010-08-23 20:54 . 2010-08-23 20:54 856880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\dblgen11.dll

2010-08-23 20:54 . 2010-08-23 20:54 2184496 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll

2010-08-21 03:13 . 2010-08-21 03:13 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi

2010-08-21 00:19 . 2004-08-10 18:03 79727 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-08-20 21:41 . 2010-08-20 21:23 -------- d-----w- c:\program files\Creative

2010-08-20 21:41 . 2010-08-20 21:41 -------- d--h--w- c:\program files\Creative Installation Information

2010-08-20 21:39 . 2010-08-20 21:39 -------- d-----w- c:\program files\CyberLink

2010-08-20 21:22 . 2010-09-07 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2010-08-20 21:22 . 2010-09-06 23:48 -------- d-----w- c:\documents and settings\Adm\Application Data\InstallShield

2010-08-20 21:22 . 2010-08-21 00:15 -------- d-----w- c:\documents and settings\Meg\Application Data\InstallShield

2010-08-20 21:22 . 2010-08-21 00:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield

2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\CONEXANT

2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\program files\Sigmatel

2010-08-20 21:19 . 2010-09-07 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel

2010-08-20 21:19 . 2010-09-06 23:48 -------- d-----w- c:\documents and settings\Adm\Application Data\Intel

2010-08-20 21:19 . 2010-08-21 00:15 -------- d-----w- c:\documents and settings\Meg\Application Data\Intel

2010-08-20 21:16 . 2010-08-20 21:16 -------- d-----w- c:\program files\Common Files\Java

2010-08-20 21:16 . 2010-08-20 21:16 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-20 21:16 . 2010-08-20 21:16 -------- d-----w- c:\program files\Java

2010-08-20 21:12 . 2010-08-20 21:12 -------- d-----w- c:\program files\MSXML 4.0

2010-08-19 12:54 . 2010-08-19 12:54 6857 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_9400.mrk

2010-06-30 12:31 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-10 17:51 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-10 17:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-10 17:51 80384 ----a-w- c:\windows\system32\iccvid.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-12_17.07.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-13 20:53 . 2010-09-13 20:53 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat

+ 2000-03-23 10:25 . 2000-03-23 11:25 58368 c:\windows\system32\spool\drivers\w32x86\3\HPDOMON.DLL

+ 2001-09-19 10:23 . 2001-09-19 10:23 53248 c:\windows\system32\spool\drivers\w32x86\3\HPBMMON.DLL

+ 2001-07-31 08:17 . 2001-07-31 08:17 94274 c:\windows\system32\spool\drivers\w32x86\3\HPBHEALR.DLL

+ 2003-05-31 03:30 . 2000-11-28 12:05 97552 c:\windows\system32\spool\drivers\w32x86\3\hpbf322f.dll

+ 2003-05-31 03:30 . 2003-07-11 14:35 45056 c:\windows\system32\spool\drivers\w32x86\3\hpbafd32.dll

+ 2010-09-12 22:19 . 2010-09-12 22:19 25088 c:\windows\Installer\8d1b4e.msi

- 2010-08-21 19:13 . 2010-08-21 19:13 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-08-21 19:13 . 2010-09-13 21:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-09-12 06:06 . 2010-09-13 03:49 40960 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 40960 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 45056 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 45056 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 45056 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut2.CB4E6205_F99A_4C51_ADD4_184506EFAB87.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 45056 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut2.CB4E6205_F99A_4C51_ADD4_184506EFAB87.exe

+ 2010-09-13 03:48 . 2010-09-13 03:48 24576 c:\windows\assembly\GAC_MSIL\QBWCCommon\2.0.0.116__82cc56431f1a971d\QBWCCommon.dll

+ 2010-09-13 03:48 . 2010-09-13 03:48 16384 c:\windows\assembly\GAC\QBWCInterfaces\2.0.0.116__82cc56431f1a971d\QBWCInterfaces.dll

+ 2010-09-13 03:48 . 2010-09-13 03:48 77824 c:\windows\assembly\GAC\IEProtocol\2.0.0.116__82cc56431f1a971d\IEProtocol.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 403973 c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdfui300.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 434339 c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdf300.dll

+ 2003-05-31 03:30 . 2002-12-14 00:50 122880 c:\windows\system32\spool\drivers\w32x86\3\hpbftm32.dll

+ 2003-05-31 03:30 . 2000-11-28 12:06 459264 c:\windows\system32\spool\drivers\w32x86\3\hpbf322k.dll

+ 2003-05-31 03:30 . 2000-11-28 12:06 165136 c:\windows\system32\spool\drivers\w32x86\3\hpbf322j.dll

+ 2003-05-31 03:30 . 2000-11-28 12:05 348944 c:\windows\system32\spool\drivers\w32x86\3\hpbf322i.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 403973 c:\windows\system32\spool\drivers\w32x86\3\acpdfui300.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 434339 c:\windows\system32\spool\drivers\w32x86\3\acpdf300.dll

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe

- 2010-09-12 06:06 . 2010-09-12 06:06 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe

+ 2010-09-12 06:06 . 2010-09-13 03:49 335872 c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe

+ 2007-09-11 12:38 . 2007-09-11 12:38 496928 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\StopQBServer.dll

+ 2007-09-05 14:17 . 2007-09-05 14:17 552960 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\stlport_vc746.dll

+ 2007-09-05 14:17 . 2007-09-05 14:17 155648 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\SSCE5232.dll

+ 2007-09-05 14:17 . 2007-09-05 14:17 143360 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\OLBService.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 3833856 c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\cdintf300.dll

+ 2003-05-31 03:30 . 2000-11-28 12:05 1069840 c:\windows\system32\spool\drivers\w32x86\3\hpbf322h.dll

+ 2003-05-31 03:30 . 2003-12-30 08:20 1558800 c:\windows\system32\spool\drivers\w32x86\3\hpbf322g.dll

+ 2003-05-31 03:30 . 2003-12-30 08:21 2049296 c:\windows\system32\spool\drivers\w32x86\3\hpbf322e.dll

+ 2007-07-30 18:44 . 2009-01-20 22:33 3833856 c:\windows\system32\spool\drivers\w32x86\3\cdintf300.dll

+ 2009-09-03 05:35 . 2009-09-03 05:35 1916928 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\xerces_c_2_5_0_qb.dll

+ 2007-09-11 12:38 . 2007-09-11 12:38 2372896 c:\windows\Installer\$PatchCache$\Managed\57A71288D5774D74BB908F10256601AF\18.0.4001\PortFile.DLL

+ 2010-09-13 20:59 . 2010-09-13 20:59 20303872 c:\windows\Installer\64581.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 32088576 c:\windows\Installer\2eea42.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 13307904 c:\windows\Installer\2eea41.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 27146240 c:\windows\Installer\2eea40.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 25185792 c:\windows\Installer\2eea3f.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 26104320 c:\windows\Installer\2eea3e.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 22082560 c:\windows\Installer\2eea3d.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 13420032 c:\windows\Installer\2eea3c.msp

+ 2010-09-12 20:10 . 2010-09-12 20:10 23607296 c:\windows\Installer\2eea3b.msp

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2007-11-15 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]

"nwiz"="nwiz.exe" [2005-12-15 1519616]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]

"MBDef"="MBDef.Exe" [2007-11-15 20480]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-27 1275168]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-08 2595480]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-08 905056]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-08 140568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-8-20 24576]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-6 1154848]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-08-20 23:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 17:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk

backup=c:\windows\pss\QuickBooks Web Connector.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

2007-11-15 19:15 1346893 ----a-w- c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avg8wd"=2 (0x2)

"McComponentHostService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 8.0\\QBDBMgrN.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/12/2010 1:49 PM 304464]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [7/27/2009 2:15 AM 134944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/12/2010 1:49 PM 20952]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/3/2010 10:05 PM 24576]

S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://dogpile.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 17:20

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'lsass.exe'(1352)

c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5220)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-13 17:25:47

ComboFix-quarantined-files.txt 2010-09-13 21:25

ComboFix2.txt 2010-09-12 17:08

Pre-Run: 88,932,503,552 bytes free

Post-Run: 88,974,745,600 bytes free

- - End Of File - - 058CA21C9634474B96CE9435F573B120


Please close any of your open windows/programs and exit; saving any open work you have.

Step 1

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    c:\windows\Installer\{88217A75-775D-47D4-BB09-F801526610FA}\NewShortcut*.exe
    recycler /alldrives
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

Step 3

Reply with a copy of the OTL MovedFiles log and the OTL.txt


Here is the 3rd log.

OTL logfile created on: 9/13/2010 10:23:14 PM - Run 2

OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Meg\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.67 Gb Total Space | 82.84 Gb Free Space | 57.66% Space Free | Partition Type: NTFS

Drive D: | 499.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DFJ080B1

Current User Name: Meg

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 22:00:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg\Desktop\OTL.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/08/06 18:16:44 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2010/08/06 16:51:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2010/07/26 13:42:38 | 001,955,696 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe

PRC - [2010/07/26 13:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe

PRC - [2010/07/26 13:42:32 | 000,575,344 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe

PRC - [2010/07/26 13:42:24 | 001,089,392 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/03/19 15:05:08 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

PRC - [2010/03/17 15:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

PRC - [2010/03/17 15:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe

PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

PRC - [2009/07/27 02:15:50 | 001,275,168 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

PRC - [2009/07/27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2009/06/19 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE

PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe

PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/07 21:46:28 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/07 21:04:16 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007/09/07 21:00:52 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007/09/07 21:00:50 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/09/07 20:59:40 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007/09/05 15:06:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

PRC - [2007/02/20 13:29:08 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/10/18 19:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2006/10/18 19:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2006/10/18 18:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2006/10/18 18:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2006/10/18 18:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2006/10/18 18:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2006/02/16 10:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

PRC - [2006/01/20 17:18:12 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2005/12/05 00:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2005/12/03 03:23:08 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2005/11/18 18:46:00 | 001,724,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2005/08/17 10:59:34 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2005/08/16 23:11:28 | 000,065,536 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/09/13 22:00:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007/02/20 13:29:46 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/20 19:32:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/08/06 16:51:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2010/07/26 13:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/07/27 02:15:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)

SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2007/09/07 21:46:28 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/07 21:00:50 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2006/10/18 19:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2006/10/18 18:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2006/10/18 18:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Meg\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/08/24 23:35:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/08/24 23:35:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/08/24 23:35:22 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010/08/24 23:35:12 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2006/10/19 10:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/10/16 21:55:28 | 001,711,104 | ---- | M] (Intel

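An added example (not part of the thread, and not OTL's own code): a small Python parser for the PRC/SRV/DRV line layout seen in the log above, returning the entries a reviewer would look at first. The field names, function names and the three review cues are assumptions made for this example, and a cue is a reason to look closer, not a verdict; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the OTL log in the thread above (plus one section header).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010/09/13 22:00:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg\Desktop\OTL.exe
PRC - [2007/09/07 21:46:28 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
SRV - File not found [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Meg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/24 23:35:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
"""

# Entry whose file exists:
#   TAG - [date time | size | attrs | flag] (company) [state] -- path -- (name)
# The [state] and (name) parts are only present on SRV and DRV lines.
FOUND = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) "
    r"\| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Service or driver that is registered although its file is absent.
MISSING = re.compile(
    r"^(?P<tag>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Review cues (assumed for this example).
NOTE_MISSING = "registered, but the file is not on disk"
NOTE_TEMP = "binary path is under a Temp directory"
NOTE_NO_COMPANY = "no company name reported for the file"


@dataclass
class Entry:
    tag: str                 # PRC, MOD, SRV or DRV
    path: str
    name: Optional[str]      # service/driver name, None for PRC and MOD
    state: List[str]         # e.g. ["Kernel", "Boot", "Running"]
    company: Optional[str]   # None when the file is missing
    size: Optional[int]      # bytes, None when the file is missing
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and other lines."""
    line = line.strip()
    m = MISSING.match(line)
    if m:
        return Entry(m["tag"], m["path"], m["name"],
                     m["state"].split(" | "), None, None, True)
    m = FOUND.match(line)
    if m:
        state = m["state"].split(" | ") if m["state"] else []
        return Entry(m["tag"], m["path"], m["name"], state,
                     m["company"].strip(), int(m["size"].replace(",", "")), False)
    return None


def triage(entry: Entry) -> List[str]:
    """Return the review cues that apply to one parsed entry."""
    notes = []
    if entry.missing:
        notes.append(NOTE_MISSING)
    if TEMP_DIR.search(entry.path):
        notes.append(NOTE_TEMP)
    if not entry.missing and not entry.company:
        notes.append(NOTE_NO_COMPANY)
    return notes


def review(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a whole log and keep only the entries with at least one cue."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        notes = triage(entry)
        if notes:
            flagged.append((entry, notes))
    return flagged


if __name__ == "__main__":
    for entry, notes in review(SAMPLE_LOG):
        print(f"{entry.tag} {entry.path}")
        for note in notes:
            print(f"    - {note}")
```
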

Here is the rest of the 3rd log:

========== Files - Modified Within 30 Days ==========

[2010/09/13 22:19:17 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/09/13 22:19:17 | 000,022,843 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/09/13 22:18:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/13 22:18:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/13 22:18:14 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/13 22:17:33 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Meg\ntuser.dat

[2010/09/13 22:17:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Meg\ntuser.ini

[2010/09/13 22:03:12 | 000,005,751 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\otl inst.rtf

[2010/09/13 22:00:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg\Desktop\OTL.exe

[2010/09/13 17:20:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/09/13 17:01:36 | 003,843,568 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Combo-Fix.exe

[2010/09/13 16:51:36 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/09/13 16:51:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/09/13 03:07:58 | 000,005,672 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\gcb 033109 pg 2.pdf

[2010/09/13 03:07:46 | 000,004,783 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\gcb 3-31-09.pdf

[2010/09/13 02:53:31 | 011,374,592 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW

[2010/09/13 02:53:31 | 000,196,608 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW.TLG

[2010/09/13 02:53:31 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW.ND

[2010/09/13 02:52:06 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.ND

[2010/09/13 02:49:30 | 000,005,538 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 043009 pg 2.pdf

[2010/09/13 02:49:24 | 000,004,789 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 043009.pdf

[2010/09/13 02:46:07 | 000,005,672 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 033109 pg 2.pdf

[2010/09/13 02:45:59 | 000,004,927 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 033109.pdf

[2010/09/13 02:42:57 | 000,005,126 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\8330 033109 pg 2.pdf

[2010/09/13 02:42:49 | 000,004,714 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\8330 033109.pdf

[2010/09/13 02:39:46 | 000,006,064 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 022809 pg 2.pdf

[2010/09/13 02:39:38 | 000,004,937 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\2660 022809.pdf

[2010/09/13 02:34:55 | 000,005,608 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\8330 022909 pg 2.pdf

[2010/09/13 02:34:49 | 000,004,798 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\8330 022909.pdf

[2010/09/13 02:30:17 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW.ND

[2010/09/13 02:30:16 | 027,865,088 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW

[2010/09/13 02:30:16 | 000,196,608 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW.TLG

[2010/09/13 02:29:40 | 011,374,592 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW

[2010/09/13 02:29:40 | 000,196,608 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW.TLG

[2010/09/13 02:29:40 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW.ND

[2010/09/13 02:28:37 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.ND

[2010/09/13 02:25:15 | 000,005,710 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\6499 033109 pg 2.pdf

[2010/09/13 02:25:10 | 000,004,805 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\6499 033109.pdf

[2010/09/13 02:21:52 | 000,066,026 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 083109 pg 2.pdf

[2010/09/13 02:21:45 | 000,004,786 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 083109.pdf

[2010/09/13 02:16:17 | 000,005,697 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 073109 pg 2.pdf

[2010/09/13 02:16:11 | 000,054,928 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 073109.pdf

[2010/09/13 02:14:14 | 000,005,958 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 063009 pg 2.pdf

[2010/09/13 02:14:08 | 000,055,376 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 063009.pdf

[2010/09/13 02:12:12 | 000,005,940 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 053109 pg 2.pdf

[2010/09/13 02:12:06 | 000,055,470 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 053109.pdf

[2010/09/13 02:10:17 | 000,006,209 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 043009 pg 2.pdf

[2010/09/13 02:10:04 | 000,005,056 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 043009.pdf

[2010/09/13 02:07:35 | 000,010,677 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 033109 pg 2.pdf

[2010/09/13 02:07:11 | 000,005,108 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\4748 033109.pdf

[2010/09/13 01:41:27 | 000,061,954 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 recon 2.pdf

[2010/09/13 01:41:12 | 000,004,716 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\3495 4-30-09 recon.pdf

[2010/09/13 01:38:42 | 000,065,725 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 2.pdf

[2010/09/13 01:38:25 | 000,004,801 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 recon.pdf

[2010/09/13 01:31:16 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW.ND

[2010/09/13 01:31:15 | 014,618,624 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW

[2010/09/13 01:31:15 | 000,196,608 | R--- | M] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW.TLG

[2010/09/13 01:30:18 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.ND

[2010/09/13 01:28:27 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.ND

[2010/09/12 23:14:23 | 000,000,357 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2010/09/12 14:56:17 | 000,002,065 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Enterprise Solutions - Contractor Edition 8.0.lnk

[2010/09/12 13:49:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/12 13:06:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/09/12 12:13:18 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\combo-fix.rtf

[2010/09/12 00:22:59 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\tdsskiller.zip

[2010/09/12 00:12:08 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\rkill.com

[2010/09/11 23:58:09 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\avenger.zip

[2010/09/11 17:55:40 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\RootRepeal.zip

[2010/09/11 13:58:08 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2009.lnk

[2010/09/11 13:42:11 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/09/11 13:42:11 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/09/11 13:42:09 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/09/10 15:46:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/09/10 12:13:47 | 003,905,952 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\w_georgia_part_2009.01a.0101.com

[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Meg\Desktop\TDSSKiller.com

[2010/09/06 23:31:08 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\My Computer.lnk

[2010/09/06 23:30:09 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/09/06 21:22:56 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\tfc safemode.rtf

[2010/09/06 20:34:16 | 000,436,657 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\error messages.docx

[2010/09/06 19:49:23 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2010/09/06 19:49:02 | 000,022,843 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/09/06 14:33:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Meg\Desktop\mbam-setup-1.46.com

[2010/09/06 14:32:02 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\SecurityCheck.com

[2010/09/05 23:05:44 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe

[2010/09/05 21:15:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg\Desktop\TFC.com

[2010/09/05 15:43:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\nqyby96b.com

[2010/09/05 15:42:50 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\dds.com

[2010/09/03 22:27:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2010/09/03 22:27:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/09/03 16:17:10 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/03 16:04:25 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/09/03 15:57:55 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\money100504.xls

[2010/09/03 15:28:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/09/03 09:33:24 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/09/03 09:33:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/09/03 09:33:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/09/03 09:32:24 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/09/03 09:31:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/09/03 09:31:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/02 12:10:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/09/02 11:27:47 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2010/08/30 18:32:52 | 000,009,620 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\refinance.xlsx

[2010/08/27 19:35:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Meg\My Documents\~$ror messages.docx

[2010/08/27 11:24:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/27 11:24:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2010/08/27 11:08:22 | 000,074,528 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT

[2010/08/26 22:59:54 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW.ND

[2010/08/25 23:57:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/08/25 22:31:24 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Meg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/25 08:40:40 | 000,174,368 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\~2009 Roof Master Services, L.L.C. Form 1065 Partnerships Tax Return.tax2009

[2010/08/25 08:40:40 | 000,052,460 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\WordBookletTemplates.zip

[2010/08/25 08:40:33 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\to do.xls

[2010/08/25 03:01:14 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\rehearsal dinner insert card.doc

[2010/08/25 03:01:12 | 000,010,578 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\poll.docx

[2010/08/25 03:01:10 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\October 09.xls

[2010/08/25 01:41:48 | 003,604,480 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW.TLG

[2010/08/25 01:41:48 | 000,040,132 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Meg S. Rooney Resume 9-28-09.pdf

[2010/08/25 01:41:48 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Margaret Gilbert.doc

[2010/08/25 01:41:47 | 008,130,560 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW

[2010/08/25 01:41:35 | 000,520,989 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\IMAG0029.jpg

[2010/08/25 01:41:34 | 000,009,333 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\HW-GA-Roster001.ZIP

[2010/08/25 01:41:34 | 000,009,332 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\HW-GA-Roster002.ZIP

[2010/08/25 01:35:40 | 000,223,232 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\embassy suites.doc

[2010/08/25 01:35:40 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\fig cake.doc

[2010/08/25 01:35:40 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\FOR HANDICAPPED SEATING.doc

[2010/08/25 01:35:40 | 000,008,575 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\evo questions.xlsx

[2010/08/25 01:25:43 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\Copy of money100504.xls

[2010/08/25 01:25:43 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\cover letter 9-29-09.doc

[2010/08/25 01:25:24 | 000,084,396 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\bulldog efile 2008.pdf

[2010/08/25 01:25:05 | 000,451,691 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\2008 IRS extension.pdf

[2010/08/24 23:35:27 | 000,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys

[2010/08/24 23:35:27 | 000,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys

[2010/08/24 23:35:22 | 000,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys

[2010/08/24 23:35:12 | 000,368,736 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys

[2010/08/24 23:35:11 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk

[2010/08/24 22:36:45 | 002,249,118 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\100725 - Bulletin.pdf

[2010/08/24 00:16:13 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\campus.doc

[2010/08/23 21:27:30 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/23 16:36:53 | 000,074,528 | R--- | M] () -- C:\Documents and Settings\Meg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/23 16:35:04 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Premier - Contractor Edition 2010.lnk

[2010/08/23 16:19:08 | 000,001,328 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,286 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,234 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get More Customers with Intuit.lnk

[2010/08/23 16:19:08 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk

[2010/08/23 16:19:07 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[2010/08/23 14:21:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI

[2010/08/23 10:05:35 | 007,341,632 | R--- | M] () -- C:\Documents and Settings\Meg\Local Settings\Application Data\IconCache.db

[2010/08/23 09:15:44 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Meg\gotomypc_438.exe

[2010/08/23 02:59:06 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\~$campus.docx

[2010/08/23 02:59:05 | 000,014,784 | ---- | M] () -- C:\Documents and Settings\Meg\My Documents\campus.docx

[2010/08/20 23:19:38 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk

[2010/08/20 23:13:38 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2010/08/20 21:44:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/08/20 21:32:03 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/08/20 21:32:03 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2010/08/20 20:45:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/08/20 20:15:29 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/08/20 20:15:27 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2010/08/20 20:15:21 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/08/20 20:14:49 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2010/08/20 20:10:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2010/08/20 20:09:01 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini

[2010/08/20 20:08:56 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf

[2010/08/20 19:49:02 | 000,009,523 | ---- | M] () -- C:\Documents and Settings\Meg\Desktop\DellDriverDownloadManager.application

[2010/08/20 17:41:51 | 000,000,026 | ---- | M] () -- C:\WINDOWS\VoiceCenter.vci

[2010/08/20 17:23:45 | 000,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc

[2010/08/20 17:23:07 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2010/08/20 17:16:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/08/20 17:16:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/08/20 17:16:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/08/20 17:16:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/08/20 17:16:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/08/19 08:57:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/08/19 08:57:10 | 000,006,857 | RH-- | M] () -- C:\dell.sdr

[2010/08/19 08:54:18 | 000,001,120 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/08/19 08:54:16 | 000,006,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_Dell_INS_9400.mrk

[1 C:\Documents and Settings\Meg\My Documents\*.tmp files -> C:\Documents and Settings\Meg\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 22:03:12 | 000,005,751 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\otl inst.rtf

[2010/09/13 17:01:22 | 003,843,568 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Combo-Fix.exe

[2010/09/13 16:52:50 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/13 03:07:57 | 000,005,672 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\gcb 033109 pg 2.pdf

[2010/09/13 03:07:46 | 000,004,783 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\gcb 3-31-09.pdf

[2010/09/13 02:52:17 | 000,196,608 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW.TLG

[2010/09/13 02:52:06 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.ND

[2010/09/13 02:52:04 | 011,374,592 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW

[2010/09/13 02:52:04 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Destin Circle, LLLP.QBW.ND

[2010/09/13 02:49:29 | 000,005,538 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 043009 pg 2.pdf

[2010/09/13 02:49:24 | 000,004,789 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 043009.pdf

[2010/09/13 02:46:06 | 000,005,672 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 033109 pg 2.pdf

[2010/09/13 02:45:58 | 000,004,927 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 033109.pdf

[2010/09/13 02:42:56 | 000,005,126 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\8330 033109 pg 2.pdf

[2010/09/13 02:42:49 | 000,004,714 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\8330 033109.pdf

[2010/09/13 02:39:46 | 000,006,064 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 022809 pg 2.pdf

[2010/09/13 02:39:38 | 000,004,937 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\2660 022809.pdf

[2010/09/13 02:34:54 | 000,005,608 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\8330 022909 pg 2.pdf

[2010/09/13 02:34:49 | 000,004,798 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\8330 022909.pdf

[2010/09/13 02:28:52 | 000,196,608 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW.TLG

[2010/09/13 02:28:37 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.ND

[2010/09/13 02:28:33 | 011,374,592 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW

[2010/09/13 02:28:33 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Dumplings Highpoint, LLLP.QBW.ND

[2010/09/13 02:25:14 | 000,005,710 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\6499 033109 pg 2.pdf

[2010/09/13 02:25:09 | 000,004,805 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\6499 033109.pdf

[2010/09/13 02:21:50 | 000,066,026 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 083109 pg 2.pdf

[2010/09/13 02:21:44 | 000,004,786 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 083109.pdf

[2010/09/13 02:16:16 | 000,005,697 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 073109 pg 2.pdf

[2010/09/13 02:16:10 | 000,054,928 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 073109.pdf

[2010/09/13 02:14:13 | 000,005,958 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 063009 pg 2.pdf

[2010/09/13 02:14:08 | 000,055,376 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 063009.pdf

[2010/09/13 02:12:11 | 000,005,940 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 053109 pg 2.pdf

[2010/09/13 02:12:05 | 000,055,470 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 053109.pdf

[2010/09/13 02:10:15 | 000,006,209 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 043009 pg 2.pdf

[2010/09/13 02:10:04 | 000,005,056 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 043009.pdf

[2010/09/13 02:07:33 | 000,010,677 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 033109 pg 2.pdf

[2010/09/13 02:07:10 | 000,005,108 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\4748 033109.pdf

[2010/09/13 01:41:25 | 000,061,954 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 recon 2.pdf

[2010/09/13 01:41:12 | 000,004,716 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\3495 4-30-09 recon.pdf

[2010/09/13 01:38:39 | 000,065,725 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 2.pdf

[2010/09/13 01:38:24 | 000,004,801 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\3495 3-31-09 recon.pdf

[2010/09/13 01:30:32 | 000,196,608 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW.TLG

[2010/09/13 01:30:18 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.ND

[2010/09/13 01:30:13 | 014,618,624 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW

[2010/09/13 01:30:13 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\Junebug Properties, LLLC.QBW.ND

[2010/09/13 01:28:50 | 000,196,608 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW.TLG

[2010/09/13 01:28:27 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.ND

[2010/09/13 01:28:18 | 027,865,088 | R--- | C] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW

[2010/09/13 01:28:18 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\ELM Industries, Incorporated.QBW.ND

[2010/09/12 23:13:23 | 000,000,357 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2010/09/12 14:56:17 | 000,002,065 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Enterprise Solutions - Contractor Edition 8.0.lnk

[2010/09/12 13:49:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/12 13:01:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/09/12 13:01:36 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/09/12 12:57:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/09/12 12:57:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/09/12 12:57:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/09/12 12:57:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/09/12 12:57:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/09/12 12:13:18 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\combo-fix.rtf

[2010/09/12 00:22:47 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\tdsskiller.zip

[2010/09/12 00:12:07 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\rkill.com

[2010/09/11 23:58:00 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\avenger.zip

[2010/09/11 17:55:28 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\RootRepeal.zip

[2010/09/10 12:13:36 | 003,905,952 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\w_georgia_part_2009.01a.0101.com

[2010/09/06 23:31:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\My Computer.lnk

[2010/09/06 21:22:56 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\tfc safemode.rtf

[2010/09/06 20:33:24 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Meg\Local Settings\Application Data\FASTWiz.log

[2010/09/06 15:57:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\nqyby96b.com

[2010/09/06 14:44:22 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\SecurityCheck.com

[2010/09/06 11:53:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\dds.com

[2010/09/05 12:59:11 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Meg\avg8inst.log

[2010/09/03 22:27:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2010/09/03 22:27:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/09/03 16:34:03 | 000,002,405 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2009.lnk

[2010/09/03 16:17:10 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/03 16:04:25 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/09/03 09:31:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/09/02 12:10:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/08/30 18:32:51 | 000,009,620 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\refinance.xlsx

[2010/08/30 16:34:28 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/08/30 12:31:28 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/08/27 19:35:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Meg\My Documents\~$ror messages.docx

[2010/08/27 12:41:47 | 000,436,657 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\error messages.docx

[2010/08/27 11:24:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/27 11:24:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2010/08/26 17:52:44 | 000,379,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/08/26 00:23:31 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Meg\ntuser.dat

[2010/08/25 23:57:01 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/08/25 22:31:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Meg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/25 08:40:40 | 000,174,368 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\~2009 Roof Master Services, L.L.C. Form 1065 Partnerships Tax Return.tax2009

[2010/08/25 08:40:40 | 000,052,460 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\WordBookletTemplates.zip

[2010/08/25 08:40:32 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\to do.xls

[2010/08/25 03:01:14 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\rehearsal dinner insert card.doc

[2010/08/25 03:01:12 | 000,010,578 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\poll.docx

[2010/08/25 03:01:10 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\October 09.xls

[2010/08/25 01:41:48 | 000,040,132 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Meg S. Rooney Resume 9-28-09.pdf

[2010/08/25 01:41:48 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\money100504.xls

[2010/08/25 01:41:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Margaret Gilbert.doc

[2010/08/25 01:41:47 | 003,604,480 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW.TLG

[2010/08/25 01:41:43 | 008,130,560 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW

[2010/08/25 01:41:43 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Lullabelles Closet, LLC.QBW.ND

[2010/08/25 01:41:34 | 000,520,989 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\IMAG0029.jpg

[2010/08/25 01:41:34 | 000,009,333 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\HW-GA-Roster001.ZIP

[2010/08/25 01:41:34 | 000,009,332 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\HW-GA-Roster002.ZIP

[2010/08/25 01:35:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\fig cake.doc

[2010/08/25 01:35:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\FOR HANDICAPPED SEATING.doc

[2010/08/25 01:35:40 | 000,008,575 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\evo questions.xlsx

[2010/08/25 01:35:39 | 000,223,232 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\embassy suites.doc

[2010/08/25 01:25:43 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\Copy of money100504.xls

[2010/08/25 01:25:43 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\cover letter 9-29-09.doc

[2010/08/25 01:25:24 | 000,084,396 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\bulldog efile 2008.pdf

[2010/08/25 01:25:04 | 000,451,691 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\2008 IRS extension.pdf

[2010/08/24 23:35:11 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk

[2010/08/24 22:36:35 | 002,249,118 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\100725 - Bulletin.pdf

[2010/08/23 16:35:04 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Premier - Contractor Edition 2010.lnk

[2010/08/23 16:19:08 | 000,001,328 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,286 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,234 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk

[2010/08/23 16:19:08 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get More Customers with Intuit.lnk

[2010/08/23 16:19:08 | 000,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk

[2010/08/23 16:19:07 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[2010/08/23 15:36:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini

[2010/08/23 14:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2010/08/23 11:53:41 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\campus.doc

[2010/08/23 02:59:06 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\~$campus.docx

[2010/08/23 02:59:05 | 000,014,784 | ---- | C] () -- C:\Documents and Settings\Meg\My Documents\campus.docx

[2010/08/20 23:19:38 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk

[2010/08/20 23:13:35 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2010/08/20 21:32:03 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/08/20 21:32:03 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[2010/08/20 20:55:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/08/20 20:15:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/08/20 20:15:43 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\Meg\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/08/20 20:15:42 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Meg\ntuser.dat.LOG

[2010/08/20 20:15:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Meg\ntuser.ini

[2010/08/20 20:15:27 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2010/08/20 20:15:27 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

[2010/08/20 20:14:49 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1

[2010/08/20 20:10:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2010/08/20 20:09:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/08/20 20:07:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2010/08/20 20:07:04 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2010/08/20 20:07:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2010/08/20 20:07:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2010/08/20 20:07:04 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2010/08/20 20:07:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2010/08/20 20:07:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2010/08/20 20:07:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2010/08/20 20:07:04 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2010/08/20 20:07:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2010/08/20 20:07:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2010/08/20 20:07:04 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2010/08/20 20:07:04 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2010/08/20 20:07:04 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2010/08/20 20:07:04 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2010/08/20 20:07:04 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2010/08/20 20:07:04 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2010/08/20 20:07:04 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2010/08/20 20:07:04 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2010/08/20 20:07:04 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2010/08/20 20:07:04 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2010/08/20 20:07:04 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2010/08/20 20:07:04 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2010/08/20 20:07:04 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2010/08/20 20:07:04 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2010/08/20 20:07:04 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2010/08/20 20:07:04 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2010/08/20 20:07:04 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2010/08/20 20:07:04 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2010/08/20 20:07:04 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2010/08/20 20:07:04 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2010/08/20 20:07:04 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2010/08/20 20:07:04 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2010/08/20 20:07:04 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2010/08/20 20:07:04 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2010/08/20 20:07:04 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2010/08/20 20:07:04 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2010/08/20 20:07:04 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2010/08/20 20:07:03 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2010/08/20 20:07:03 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2010/08/20 20:07:03 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl

[2010/08/20 20:07:03 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl

[2010/08/20 20:07:03 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl

[2010/08/20 20:07:03 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl

[2010/08/20 20:07:03 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl

[2010/08/20 20:07:03 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl

[2010/08/20 20:07:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2010/08/20 20:07:03 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl

[2010/08/20 20:07:03 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl

[2010/08/20 20:07:03 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl

[2010/08/20 20:07:03 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2010/08/20 20:07:03 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl

[2010/08/20 20:07:03 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl

[2010/08/20 20:07:03 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl

[2010/08/20 20:07:03 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl

[2010/08/20 20:07:03 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl

[2010/08/20 20:07:03 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl

[2010/08/20 20:07:02 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2010/08/20 20:07:02 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2010/08/20 20:07:02 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2010/08/20 20:07:01 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2010/08/20 20:07:01 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp

[2010/08/20 20:07:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2010/08/20 20:07:01 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2010/08/20 20:07:01 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2010/08/20 20:07:01 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2010/08/20 20:07:01 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt

[2010/08/20 20:07:00 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2010/08/20 20:06:58 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2010/08/20 20:06:58 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2010/08/20 20:06:58 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2010/08/20 20:06:58 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2010/08/20 20:06:58 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2010/08/20 20:06:58 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2010/08/20 20:06:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2010/08/20 20:06:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2010/08/20 20:06:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2010/08/20 20:06:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2010/08/20 20:06:58 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2010/08/20 20:06:48 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2010/08/20 19:48:58 | 000,009,523 | ---- | C] () -- C:\Documents and Settings\Meg\Desktop\DellDriverDownloadManager.application

[2010/08/20 17:41:51 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SAENSystems.sni

[2010/08/20 17:41:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\VoiceCenter.vci

[2010/08/20 17:41:09 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI

[2010/08/20 17:23:36 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2

[2010/08/20 17:23:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm

[2010/08/20 17:23:18 | 000,022,705 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini

[2010/08/20 17:23:18 | 000,000,424 | RH-- | C] () -- C:\WINDOWS\ctfile.rfc

[2010/08/20 17:23:07 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2010/08/20 17:20:07 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2010/08/20 17:13:27 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll

[2010/08/20 17:07:53 | 000,022,843 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001

[2010/08/20 17:07:51 | 000,022,843 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/20 17:04:21 | 000,030,098 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml

[2010/08/20 17:04:21 | 000,014,757 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu

[2010/08/19 08:57:09 | 000,006,857 | RH-- | C] () -- C:\dell.sdr

[2010/08/19 08:55:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE

[2010/08/19 08:55:55 | 000,001,488 | ---- | C] () -- C:\WINDOWS\System32\DSR_BAT.BAT

[2010/08/19 08:55:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.CFG

[2010/08/19 08:55:29 | 001,346,893 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL

[2010/08/19 08:55:23 | 000,141,497 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty

[2010/08/19 08:55:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2010/08/19 08:55:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2010/08/19 08:55:04 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/08/19 08:55:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/08/19 08:55:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/08/19 08:55:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/08/19 08:55:03 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl

[2010/08/19 08:55:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/08/19 08:55:02 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/08/19 08:55:01 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/08/19 08:55:00 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/08/19 08:54:57 | 000,787,512 | ---- | C] () -- C:\WINDOWS\Dell.bmp

[2010/08/19 08:54:15 | 000,006,857 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_Dell_INS_9400.mrk

[2010/08/19 08:52:45 | 000,787,356 | ---- | C] () -- C:\WINDOWS\System32\OEMBKGN1.BMP

[2010/08/19 08:52:45 | 000,096,310 | ---- | C] () -- C:\WINDOWS\System32\DELLWALL.BMP

[2010/08/19 08:52:45 | 000,005,134 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP

[2010/08/19 08:52:45 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini

[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll

[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/08/24 23:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/09/02 12:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/08/30 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010/08/30 16:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010/09/06 16:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8

[2010/08/20 19:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2010/09/07 08:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs

[2010/08/23 15:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2010/08/21 00:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2010/09/05 14:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/09/03 22:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC

[2010/08/20 17:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2010/09/12 12:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2010/08/20 21:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/09/03 02:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/09/06 20:33:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010/09/02 13:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2010/08/27 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2010/08/21 00:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2010/08/20 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2004/08/10 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2010/08/21 00:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/08/23 16:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2010/08/20 17:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/09/03 22:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2010/09/13 22:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/08/20 20:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010/08/20 21:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/08/21 00:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

[2010/08/30 16:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/09/03 15:53:55 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

[2010/08/21 00:11:42 | 000,730,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgcfgex.exe

[2010/08/21 00:11:48 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgcsrvx.exe

[2010/08/21 00:11:44 | 000,845,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdiag.exe

[2010/08/21 00:11:44 | 002,303,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdiagex.exe

[2010/08/21 00:11:42 | 000,100,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdumpx.exe

[2010/08/21 00:11:45 | 001,217,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgfrw.exe

[2010/08/21 00:11:42 | 000,761,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgscanx.exe

[2010/08/21 00:11:42 | 000,341,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgsrmax.exe

[2010/08/21 00:11:44 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe

[2010/08/21 00:11:45 | 003,530,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgui.exe

[2010/08/21 00:11:44 | 001,143,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgupd.exe

[2010/08/21 00:11:42 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgwdsvc.exe

[2010/08/21 00:11:44 | 000,423,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\fixcfg.exe

[2008/11/17 17:06:20 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

[2007/03/20 14:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\dwusplay.exe

[2008/11/17 17:06:22 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISDM.exe

[2008/11/17 17:06:26 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\issch.exe

[2008/11/17 17:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

[2010/09/02 01:29:31 | 000,044,832 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe

[2010/09/02 01:29:31 | 000,975,648 | ---- | M] (Intuit) -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe

[2010/09/02 01:30:19 | 001,394,440 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe

[2010/09/02 01:30:19 | 000,211,720 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe

[2010/08/23 16:54:49 | 000,423,216 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe

[2010/09/12 16:10:40 | 000,849,184 | ---- | M] (Intuit) -- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks Enterprise Solutions 8.0\Components\DownloadQB18\EPatch\qbpatch.exe

[2010/08/20 23:12:20 | 034,226,736 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe

< %APPDATA%\*. >

[2010/09/12 23:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Adobe

[2010/08/30 17:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Apple Computer

[2010/08/21 00:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\AVG8

[2010/08/21 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\CyberLink

[2010/08/24 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\FLEXnet

[2004/08/10 14:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Identities

[2010/08/20 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\InstallShield

[2010/08/20 17:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Intel

[2010/09/03 16:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Intuit

[2010/08/20 21:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Macromedia

[2010/08/20 21:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Malwarebytes

[2010/09/02 13:20:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Meg\Application Data\Microsoft

[2010/08/24 22:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Nuance

[2010/08/20 17:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Sun

[2010/09/03 22:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Teleca

[2010/08/21 00:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meg\Application Data\Zeon

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/08/20 20:13:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/08/20 20:13:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/08/20 20:13:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/08/20 20:13:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\i386\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >

[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys

[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys

[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll

[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll

[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: THEMEUI.DLL >

[2008/04/13 20:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\i386\themeui.dll

[2008/04/13 20:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\ServicePackFiles\i386\themeui.dll

[2008/04/13 20:12:07 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=A314EEA2A503A8E04085201E436384A5 -- C:\WINDOWS\system32\themeui.dll

[2004/08/04 06:00:00 | 000,385,536 | ---- | M] (Microsoft Corporation) MD5=E6796D51CED309E46D29C0B787735615 -- C:\WINDOWS\$NtServicePackUninstall$\themeui.dll

< MD5 for: USERINIT.EXE >

[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD

< End of report >

Once again, thanks for all of your help!!!!
