WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows update access denied error:0x8007043c

Started by Melax , Mar 10 2011 10:24 AM

This topic is locked

21 replies to this topic

#1 Melax

Authentic Member

Authentic Member
47 posts

Posted 10 March 2011 - 10:24 AM

Hello, I had an infected notebook (Browser redirect ->urlfraudcheck.com and couldn't access Microsoft.com), I decided to replace the drive (it was old) with a larger capacity one. I was successful but made (Stupid me) the mistake of "recycling" the old 160G drive by installing it into a SATA USB enclosure and went on to format it with my Desktop. I think that there must been an autorun file that infected the desktop. Now I can't perform windows update, I had installed Microsoft security essential and detected a threat but MSE was unable to get rid of it, it tries and then display an error message. I ran the malicious software removal and it detected one threat, stated "partial removal". I still can't access Microsoft update. I ran Malwarebytes and detected 3 threats and had them removed. Thank you in advance for any help. Please find the Hijackthis log below--

********************************************************************************
***************************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:38 AM, on 3/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Thunder\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Window Movie Maker] C:\Documents and Settings\Thunder\Application Data\beta.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [Window Movie Maker] C:\Documents and Settings\Thunder\Application Data\beta.exe
O4 - HKLM\..\Policies\Explorer\Run: [Window Movie Maker] C:\Documents and Settings\Thunder\Application Data\beta.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1246220607619
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8169 bytes

Advertisements

Register to Remove

#2 Melax

Authentic Member

Authentic Member
47 posts

Posted 10 March 2011 - 03:35 PM

Follow-up: I logged as Admin, changed the ownership of the c:\system volume information folder to the user I logged-on (thunder) because I was trying to investigate why there was no undo restore button then when I was shutting down, I got the message that important updates will be performed prior to shut down, I was a little skeptical and almost didn't allow it but then I just let it do it and bingo, update seemed to have occurred, I was able to go to windows update and verify that I have the latest update. I'm downloading Microsoft security essentials now, it is scanning... I still don't trust it 100 %...

#3 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 11 March 2011 - 11:30 PM

Hi Melax, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

I need some information on some unidentified files. We will use Virustotal Please submit this file for analysis

To submit a file to virustotal, please click on this link

Http://www.virustotal.com

copy and paste the following into the upload a file box

C:\Documents and Settings\Thunder\Application Data\beta.exe

scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete.

Next

Please run this scan in normal windows if possible.

Download OTL to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Deskuop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with

VirusTotal results
both OTL logs

Please describe any problems you are having.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#4 Melax

Authentic Member

Authentic Member
47 posts

Posted 12 March 2011 - 01:22 PM

Hello Oldman,

Thank you for your response. The link provided for virustotal gave me a 404 error, I went directly to the website by typing the url. The next thing I noticed is the beta.exe file is gone from my computer! Now between the Hijjack scan posted and your response, as I posted it in my follow-up, The computer was able to run windows update and I currently have Microsoft security essentials running, so perhaps is it how this file got removed ?

Please find the Otl Scan results below.

Kind regards.
********************************************************************************
*********************************************************************************
*****************
OTL.txt
OTL logfile created on: 3/12/2011 2:08:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Thunder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.38 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 35.60 Gb Free Space | 46.64% Space Free | Partition Type: NTFS

Computer Name: DELL-450 | User Name: Thunder | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Thunder\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\brmfrsmg.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\BMUpdate.exe (EchoBahn.com)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Thunder\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ctagent.dll (Creative Technology Ltd)

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "file:///E:/Advent%20files/Docs/bookmarks.html"
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/05 19:32:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 23:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 23:42:12 | 000,000,000 | ---D | M]

[2009/06/28 20:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Extensions
[2011/03/12 14:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions
[2010/05/02 12:09:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/15 17:53:59 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/03/11 11:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/31 13:00:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/12 19:59:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/29 11:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/05 19:32:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/12 19:58:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [PCLEPCI] C:\Program Files\Pinnacle\PPE\PPE.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Window Movie Maker] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe (EchoBahn.com)
O4 - HKCU..\Run: [Window Movie Maker] File not found
O4 - Startup: C:\Documents and Settings\Thunder\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Window Movie Maker = C:\Documents and Settings\Thunder\Application Data\beta.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1246220607619 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Thunder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thunder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/11 17:57:39 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 14:07:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
[2011/03/10 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\My Pictures
[2011/03/10 18:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\My Videos
[2011/03/10 18:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\OneNote Notebooks
[2011/03/10 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\School
[2011/03/10 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\Scan2PDF
[2011/03/10 11:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\Virus
[2011/03/10 11:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\New Folder
[2011/03/10 10:54:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thunder\Desktop\HijackThis.exe
[2011/03/10 09:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\Malwarebytes
[2011/03/10 09:12:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/10 09:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/10 09:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/10 09:12:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/10 09:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 09:10:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thunder\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/10 01:20:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thunder\My Documents
[2011/03/10 00:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/10 00:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/10 00:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/10 00:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\bookmark g_files
[2011/03/10 00:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\World1
[2011/03/10 00:46:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/09 22:40:25 | 000,000,000 | ---D | C] -- C:\eeepc_iso
[2011/03/09 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2011/03/09 22:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\RMPrepUSB
[2011/03/09 09:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/03 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\xml-pull
[2011/03/03 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\scalingrenderer
[2011/03/03 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\org
[2011/03/03 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\javax
[2011/03/03 20:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\de
[2011/03/01 12:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\NT Password editor
[2011/03/01 11:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\FreeBurner
[2011/02/28 09:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scan2PDF
[2011/02/27 23:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/02/25 09:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\Pictures Misc
[2011/02/23 18:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Local Settings\Application Data\AirMouse
[2011/02/23 18:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Local Settings\Application Data\Downloaded Installations
[2011/02/23 18:47:18 | 004,465,568 | ---- | C] (RPA Tech, Inc ) -- C:\Documents and Settings\Thunder\Desktop\setup2.5.0.exe
[2011/02/14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/12 14:22:38 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\Thunder\Desktop\MinecraftSP.exe
[2011/01/24 20:37:42 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2007/04/09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 11:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/12 14:10:24 | 014,746,624 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\outlook.pst
[2011/03/12 14:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
[2011/03/12 14:07:05 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/12 14:07:05 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/12 13:56:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/12 13:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003UA.job
[2011/03/12 13:17:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/12 13:12:13 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/03/12 13:11:53 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 13:11:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/12 13:11:44 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/11 20:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003Core.job
[2011/03/11 18:59:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/11 17:53:51 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2011/03/11 13:58:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/11 10:52:58 | 000,033,738 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\3900 Ford Road.jpg
[2011/03/11 08:55:13 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/10 19:15:48 | 016,395,215 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Performance4.pdf
[2011/03/10 16:07:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/10 15:55:56 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/10 15:55:56 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/10 15:55:56 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/10 15:55:56 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/10 15:55:56 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/10 15:55:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 15:39:11 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Microsoft Outlook 2010.lnk
[2011/03/10 10:54:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thunder\Desktop\HijackThis.exe
[2011/03/10 09:12:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/10 09:11:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thunder\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/09 22:10:08 | 001,548,199 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Install_RMPrepUSB_Lite_v2.1.617.zip
[2011/03/09 10:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/09 08:49:39 | 000,049,235 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\bookmark1.htm
[2011/03/09 08:48:35 | 000,052,074 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\bookmark.htm
[2011/03/07 23:31:08 | 010,321,985 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Floola-win.zip
[2011/03/07 22:53:53 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Microsoft Word 2010.lnk
[2011/03/07 19:41:59 | 000,723,718 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v4.zip
[2011/03/07 19:10:14 | 000,072,749 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\ModLoader B1.3_01v5.zip
[2011/03/05 19:58:10 | 000,173,190 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\INVedit(2).zip
[2011/03/05 19:29:18 | 000,814,609 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v1.zip
[2011/03/03 23:27:29 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2011/03/02 10:35:07 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 09:56:52 | 000,027,163 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\ICAO TOEFL paper.pdf
[2011/03/01 14:30:22 | 000,231,507 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Tax Return full version.pdf
[2011/03/01 14:28:21 | 000,205,044 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Tax returns 2010.pdf
[2011/03/01 13:11:18 | 000,140,935 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\W2 Fox & Roach 2010.pdf
[2011/03/01 11:53:12 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Free Easy Burner.lnk
[2011/03/01 10:44:47 | 000,553,125 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\PFS_Online_Instruction_Workbook.pdf
[2011/02/28 11:32:19 | 006,154,847 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\1964 Tamatia Love- Sherman Offer.pdf
[2011/02/28 10:53:47 | 004,379,020 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\1964 1.pdf
[2011/02/28 10:05:01 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Thunder\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/02/28 09:53:51 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 17:01:26 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 17:01:26 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 17:01:26 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/26 08:50:40 | 000,003,352 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingMulti.class
[2011/02/24 00:16:40 | 000,011,129 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModSettings.class
[2011/02/24 00:16:40 | 000,005,414 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\nr.class
[2011/02/24 00:16:40 | 000,004,136 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModAction.class
[2011/02/24 00:16:40 | 000,003,272 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiWidgetScreen.class
[2011/02/24 00:16:40 | 000,003,037 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingInt.class
[2011/02/24 00:16:40 | 000,002,909 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetText.class
[2011/02/24 00:16:40 | 000,002,888 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingFloat.class
[2011/02/24 00:16:40 | 000,002,849 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\bq.class
[2011/02/24 00:16:40 | 000,002,742 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\rf.class
[2011/02/24 00:16:40 | 000,002,674 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingKey.class
[2011/02/24 00:16:40 | 000,002,619 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetFloat.class
[2011/02/24 00:16:40 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetInt.class
[2011/02/24 00:16:40 | 000,002,518 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicWindow.class
[2011/02/24 00:16:40 | 000,002,484 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetKeybinding.class
[2011/02/24 00:16:40 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\lo.class
[2011/02/24 00:16:40 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiModScreen.class
[2011/02/24 00:16:40 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetBoolean.class
[2011/02/24 00:16:40 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingBoolean.class
[2011/02/24 00:16:40 | 000,001,935 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetMulti.class
[2011/02/24 00:16:40 | 000,001,895 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingText.class
[2011/02/24 00:16:40 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicTwocolumn.class
[2011/02/24 00:16:40 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSetting.class
[2011/02/24 00:16:40 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModSettingScreen.class
[2011/02/24 00:16:40 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiModSelect.class
[2011/02/24 00:16:40 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Subscreen.class
[2011/02/24 00:16:40 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModCallback.class
[2011/02/24 00:16:40 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Setting.class
[2011/02/24 00:16:40 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSlider.class
[2011/02/24 00:16:40 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ScreenScaleProxy.class
[2011/02/23 18:48:55 | 004,465,568 | ---- | M] (RPA Tech, Inc ) -- C:\Documents and Settings\Thunder\Desktop\setup2.5.0.exe
[2011/02/21 19:34:40 | 000,011,144 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\font.fnt
[2011/02/21 12:49:16 | 001,663,331 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Rayan Wrestling Team.JPG
[2011/02/21 03:06:38 | 000,006,671 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiTheme.xml
[2011/02/19 13:56:16 | 001,500,588 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Globefish seafood highlights.pdf
[2011/02/19 13:50:35 | 000,834,240 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Japan Tuna Report March 2004.pdf
[2011/02/19 12:41:24 | 000,116,724 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\senegal_fishery_profile_apr08.pdf
[2011/02/17 17:30:54 | 015,624,192 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp3
[2011/02/17 17:29:30 | 027,666,155 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp4
[2011/02/13 15:22:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/11 09:28:10 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 22:11:47 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011/02/10 20:05:36 | 000,346,022 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Minecraft1.3_1
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/11 10:52:58 | 000,033,738 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\3900 Ford Road.jpg
[2011/03/10 21:33:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/10 19:13:38 | 016,395,215 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Performance4.pdf
[2011/03/10 16:07:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/10 11:51:50 | 1609,637,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/10 09:12:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 22:09:55 | 001,548,199 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Install_RMPrepUSB_Lite_v2.1.617.zip
[2011/03/09 09:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/09 08:49:39 | 000,049,235 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\bookmark1.htm
[2011/03/09 08:48:34 | 000,052,074 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\bookmark.htm
[2011/03/07 23:29:36 | 010,321,985 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Floola-win.zip
[2011/03/07 19:10:51 | 000,723,718 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v4.zip
[2011/03/07 19:10:12 | 000,072,749 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\ModLoader B1.3_01v5.zip
[2011/03/05 19:53:22 | 000,173,190 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\INVedit(2).zip
[2011/03/05 19:24:46 | 000,814,609 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v1.zip
[2011/03/03 23:27:29 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2011/03/03 20:19:42 | 000,011,144 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\font.fnt
[2011/03/03 20:19:42 | 000,006,671 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiTheme.xml
[2011/03/03 20:19:42 | 000,005,414 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\nr.class
[2011/03/03 20:19:42 | 000,002,742 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\rf.class
[2011/03/03 20:19:42 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\lo.class
[2011/03/03 20:19:42 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiThemeIndentedbuttons.png
[2011/03/03 20:19:41 | 000,011,129 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModSettings.class
[2011/03/03 20:19:41 | 000,004,136 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModAction.class
[2011/03/03 20:19:41 | 000,003,352 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingMulti.class
[2011/03/03 20:19:41 | 000,003,272 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiWidgetScreen.class
[2011/03/03 20:19:41 | 000,003,037 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingInt.class
[2011/03/03 20:19:41 | 000,002,909 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetText.class
[2011/03/03 20:19:41 | 000,002,888 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingFloat.class
[2011/03/03 20:19:41 | 000,002,849 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\bq.class
[2011/03/03 20:19:41 | 000,002,674 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingKey.class
[2011/03/03 20:19:41 | 000,002,619 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetFloat.class
[2011/03/03 20:19:41 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetInt.class
[2011/03/03 20:19:41 | 000,002,518 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicWindow.class
[2011/03/03 20:19:41 | 000,002,484 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetKeybinding.class
[2011/03/03 20:19:41 | 000,002,363 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiModScreen.class
[2011/03/03 20:19:41 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetBoolean.class
[2011/03/03 20:19:41 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingBoolean.class
[2011/03/03 20:19:41 | 000,001,935 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetMulti.class
[2011/03/03 20:19:41 | 000,001,895 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingText.class
[2011/03/03 20:19:41 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicTwocolumn.class
[2011/03/03 20:19:41 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSetting.class
[2011/03/03 20:19:41 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModSettingScreen.class
[2011/03/03 20:19:41 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiModSelect.class
[2011/03/03 20:19:41 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Subscreen.class
[2011/03/03 20:19:41 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModCallback.class
[2011/03/03 20:19:41 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Setting.class
[2011/03/03 20:19:41 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSlider.class
[2011/03/03 20:19:41 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ScreenScaleProxy.class
[2011/03/02 09:56:52 | 000,027,163 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\ICAO TOEFL paper.pdf
[2011/03/01 14:30:22 | 000,231,507 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Tax Return full version.pdf
[2011/03/01 14:28:21 | 000,205,044 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Tax returns 2010.pdf
[2011/03/01 13:11:18 | 000,140,935 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\W2 Fox & Roach 2010.pdf
[2011/03/01 11:53:12 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Free Easy Burner.lnk
[2011/03/01 10:44:47 | 000,553,125 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\PFS_Online_Instruction_Workbook.pdf
[2011/02/28 11:32:19 | 006,154,847 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\1964 Tamatia Love- Sherman Offer.pdf
[2011/02/28 10:53:47 | 004,379,020 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\1964 1.pdf
[2011/02/28 10:05:01 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Thunder\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/02/28 09:53:51 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 17:01:26 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 17:01:26 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 17:01:26 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/21 12:49:15 | 001,663,331 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Rayan Wrestling Team.JPG
[2011/02/19 13:56:16 | 001,500,588 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Globefish seafood highlights.pdf
[2011/02/19 13:50:35 | 000,834,240 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Japan Tuna Report March 2004.pdf
[2011/02/19 12:41:24 | 000,116,724 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\senegal_fishery_profile_apr08.pdf
[2011/02/17 17:30:00 | 015,624,192 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp3
[2011/02/17 17:29:28 | 027,666,155 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp4
[2011/02/13 15:21:27 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/02/10 20:05:31 | 000,346,022 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Minecraft1.3_1
[2010/12/12 23:27:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/11 20:18:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010/12/11 18:16:01 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/12/11 18:14:28 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\fusioncache.dat
[2010/12/11 17:57:39 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2010/12/11 17:57:38 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/12/11 17:57:38 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/12/11 17:57:38 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/12/11 17:57:38 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/12/11 17:57:38 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/09/19 16:11:47 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/19 16:11:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/09/19 16:08:54 | 000,002,652 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2010/09/19 16:07:07 | 000,000,871 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2010/09/19 16:07:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/19 16:06:51 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2010/09/19 11:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2010/09/05 14:10:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2010/09/05 14:10:38 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/09/05 14:10:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2010/09/05 14:08:18 | 000,002,588 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/05 14:08:18 | 000,000,091 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/09/05 14:08:14 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/09/05 14:08:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/09/05 14:08:14 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/09/05 14:08:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/09/05 14:07:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\VISSETUP.INI
[2010/08/18 22:01:01 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/18 22:00:21 | 000,214,864 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/08/18 21:58:21 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/09 21:39:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/04/11 12:31:43 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 16:37:48 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsl01.bin
[2009/12/27 15:38:13 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/12/27 15:38:10 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/12/14 21:09:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/16 16:48:57 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/14 16:46:17 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/11/14 14:39:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/08 11:22:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/11/08 11:12:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/25 08:40:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/28 20:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/28 14:32:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/28 14:26:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/28 10:09:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/28 10:08:08 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/01 15:11:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0C.dll
[2007/05/01 15:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_10.dll
[2007/05/01 15:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0A.dll
[2007/05/01 15:11:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_09.dll
[2007/05/01 15:11:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_11.dll
[2007/05/01 15:11:26 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255.Dll
[2007/05/01 15:11:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_07.dll
[2007/05/01 15:11:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0402.dll
[2007/05/01 14:34:56 | 002,011,136 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12.Dll
[2007/05/01 14:34:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0C.dll
[2007/05/01 14:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_10.dll
[2007/05/01 14:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0A.dll
[2007/05/01 14:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_07.dll
[2007/05/01 14:34:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_09.dll
[2007/05/01 14:34:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0402.dll
[2007/05/01 14:34:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_11.dll
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 11:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 11:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 11:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 11:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 11:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 11:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/12/05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/10/02 08:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/07/29 13:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/12 23:04:23 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\userport.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,482,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,086,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 19:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 19:03:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\getvpdc.exe
[2004/08/02 19:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2004/06/19 20:07:42 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\userport.sys
[2004/03/11 00:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

========== LOP Check ==========

[2010/09/01 07:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/09/01 07:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/11 20:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/12/11 20:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/09/05 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/07/25 19:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2010/12/11 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/12/27 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/24 20:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/08/06 21:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/12 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\.minecraft
[2010/08/24 11:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Blackberry Desktop
[2009/07/11 11:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/24 00:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\de
[2010/12/20 09:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\ElevatedDiagnostics
[2011/03/01 12:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\FreeBurner
[2006/11/10 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\javax
[2010/12/13 13:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Leadertech
[2006/11/10 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\org
[2010/12/11 20:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Pinnacle Systems
[2010/08/08 18:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Red Kawa
[2010/08/24 11:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Research In Motion
[2011/02/24 00:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\scalingrenderer
[2010/09/19 14:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Scan2PDF
[2010/09/30 08:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Windows Desktop Search
[2010/12/14 12:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Windows Live Writer
[2010/10/14 11:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\Windows Search
[2011/01/26 22:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\WindSolutions
[2010/12/27 20:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thunder\Application Data\xml-pull
[2011/03/12 13:17:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/12/11 18:32:15 | 000,702,934 | ---- | M] () -- C:\adorage-protocol.txt
[2010/12/11 17:57:39 | 000,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/02/10 22:11:47 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2009/06/28 14:29:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/01 07:30:53 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2011/03/12 13:11:44 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/28 14:29:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/11 18:13:37 | 000,214,350 | ---- | M] () -- C:\MSDELog.log
[2009/06/28 14:29:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/28 18:00:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/14 13:32:00 | 803,741,696 | -HS- | M] () -- C:\pagefile.sys
[2011/03/12 13:12:11 | 001,436,239 | ---- | M] () -- C:\wialog.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/28 14:28:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[1999/01/29 00:01:00 | 000,014,336 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPPROC.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/12/13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/06/28 10:07:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/28 10:07:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/28 10:07:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2009/06/28 18:04:37 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2010/09/05 14:08:22 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\PaperPort.lnk
[2009/06/28 18:04:37 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2009/06/28 14:29:21 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2009/06/28 15:21:44 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-10 20:58:59

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: EXPLORER.SCF >
[2004/08/04 05:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2009/06/03 20:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 05:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.HLP >
[2004/08/04 05:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D

< End of report >

#5 Melax

Authentic Member

Authentic Member
47 posts

Posted 12 March 2011 - 01:24 PM

OTL scan results

Extras.txt

********************************************************************************
*********************************************************************************
**************************
OTL Extras logfile created on: 3/12/2011 2:08:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Thunder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.38 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 35.60 Gb Free Space | 46.64% Space Free | Partition Type: NTFS

Computer Name: DELL-450 | User Name: Thunder | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Activision Value\FUN labs\Secret Service\Bin\ss.exe" = C:\Program Files\Activision Value\FUN labs\Secret Service\Bin\ss.exe:*:Enabled:ss
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe" = C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead
"E:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = E:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault
"E:\Program Files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe" = E:\Program Files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars™: Battlefront™
"E:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = E:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = E:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Thunder\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Thunder\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = E:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"E:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = E:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"E:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = E:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"E:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = E:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"E:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe" = E:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:MediaManager Application -- (Pinnacle Systems)
"E:\Program Files\MOHAA.exe" = E:\Program Files\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars™: Republic Commando™
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"E:\Program Files\mohpa.exe" = E:\Program Files\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault™
"E:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = E:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"E:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe" = E:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142 -- ()
"C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse
"E:\Program Files\Microsoft Games\FS2002\fs2002.exe" = E:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EDB6E89-5EA7-4275-8BB3-54FB190A5052}" = HP Install Network Printer Wizard
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}" = Pinnacle PCI Performance Enhancer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Dangerous Hunts" = Cabela's Dangerous Hunts
"EPSON Printer and Utilities" = EPSON Printer Software
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OneTouch Version 3.0" = OneTouch Version 3.0
"Picasa 3" = Picasa 3
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Scan2PDF_is1" = Scan2PDF 1.6
"Terminator Dongle5.0" = Terminator Dongle
"Visioneer PaperPort 6.1" = Visioneer PaperPort 6.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

#6 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 12 March 2011 - 10:16 PM

Hi Melax,

I currently have Microsoft security essentials running, so perhaps is it how this file got removed ?

Probably that is what happened.

Your java is out of date. Click your start button, open Control panel.

Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:Services

:OTL
O4 - HKLM..\Run: [Window Movie Maker] File not found
O4 - HKCU..\Run: [Window Movie Maker] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Window Movie Maker = C:\Documents and Settings\Thunder\Application Data\beta.exe

:Files

:Commands
[emptytemp]
[createrestorepoint
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please post the OTL fix log.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with

OTL fix log
MBAM log

Any problems?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 Melax

Authentic Member

Authentic Member
47 posts

Posted 13 March 2011 - 12:44 PM

Hello Oldman, I ran OTL twice, because the first time I ran it under a limited account, I ran it again while logged as an administrator. I posted both logs. Malwarebytes didn't detect anything. The only two things I noticed are sometimes the Microsoft security essentials icon stays red, I have to click it to turn it green, The sound icon is missing when I log under thunder but it's been like that for a while. Thank you for your very valuable help Kind Regards. OTL Log #1 (Limited acct) ******************************************************************************** ************************************************************ All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Window Movie Maker scheduled to be deleted on reboot. Unable to create HKLM\Software\OldTimer Tools\OTL key. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Window Movie Maker deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Window Movie Maker deleted successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. ->Temporary Internet Files folder emptied: 33170 bytes Unable to create HKLM\Software\OldTimer Tools\OTL key. ->Flash cache emptied: 41 bytes User: Guest User: LocalService User: NetworkService User: SR71 Administrator User: Thunder Unable to create HKLM\Software\OldTimer Tools\OTL key. ->Temp folder emptied: 452485916 bytes ->Temporary Internet Files folder emptied: 299496091 bytes ->Java cache emptied: 8279018 bytes ->FireFox cache emptied: 96325286 bytes ->Google Chrome cache emptied: 7204446 bytes ->Flash cache emptied: 155222 bytes %systemdrive% .tmp files removed: 0 bytes Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. %systemroot% .tmp files removed: 2195181 bytes Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. Unable to create HKLM\Software\OldTimer Tools\OTL key. %systemroot%\System32 .tmp files removed: 1162769 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 550815505 bytes Total Files Cleaned = 1,352.00 mb Error: Unable to interpret <[createrestorepoint> in the current context! OTL by OldTimer - Version 3.2.22.3 log created on 03132011_135804 ******************************************************************************** **************************** OTL Log #2 (Administrator) ******************************************************************************** ***************************** All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Window Movie Maker deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Window Movie Maker not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Window Movie Maker not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Guest ->Temp folder emptied: 10271 bytes ->Temporary Internet Files folder emptied: 786487 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 93891035 bytes ->Flash cache emptied: 1584 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 1213892 bytes ->Temporary Internet Files folder emptied: 33505 bytes User: SR71 Administrator ->Temp folder emptied: 12183194 bytes ->Temporary Internet Files folder emptied: 2005713 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 46720159 bytes ->Flash cache emptied: 497 bytes User: Thunder ->Temp folder emptied: 828 bytes ->Temporary Internet Files folder emptied: 130045 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2175612 bytes %systemroot%\System32 .tmp files removed: 1162769 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 14026309833 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 36747912 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 13,565.00 mb Error: Unable to interpret <[createrestorepoint> in the current context! OTL by OldTimer - Version 3.2.22.3 log created on 03132011_141158 ******************************************************************************** ******************************************************** Malwarebytes Log ******************************************************************************** ******************************************************** Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6044 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/13/2011 2:30:55 PM mbam-log-2011-03-13 (14-30-55).txt Scan type: Quick scan Objects scanned: 170795 Time elapsed: 6 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#8 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 13 March 2011 - 09:51 PM

Hi Melax,

I'm not sure what's going on with MSE. Will it start eventually if you don't click on it?

The sound icon is missing when I log under thunder but it's been like that for a while.

This may be just a registry enty that we can replace. Log onto an account in which the icon does show on the system tray and run OTL with the following instructions.

Next

Please open OTL

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)
In the window under Custom Scans/Fixes copy and paste the following

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msconfig
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Next

Log onto the Thunder account and run the same scan.

Please post both logs.

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 Melax

Authentic Member

Authentic Member
47 posts

Posted 14 March 2011 - 04:54 PM

Hello Oldman,

I ran OTL under Thunder (with admin privileges), The sound icon is not present, and the MSE icon stays red. However when I go into the security center, the anti virus (MSE) shows started, I suspected it because when I double click on the red icon (or single click and the click "open") it instantly turns green. So it seems to be an icon status display issue and not the service itself. I'm posting the OTL log and then will copy the otl.exe file on the destop of theSR71 user to run it under that user name. I also noticed that if I switch user from Thunder (No sound icon) to SR71 (sound icon present) and then revert back to Thunder, the sound icon is present but when I reboot (Thunder) it's not there ! so it seems that the SR71 profile calls for the icon to be placed in the tray and as long as you do not reboot, the icon stays even when you switch users. The other way of displaying the icon under Thunder is to go to: control panel/sound & audio devices, untick the "place the volume icon in the task bar", click apply and then tick it click apply again...

********************************************************************************
************
OTL Log: Thunder (w/Admin privileges)
********************************************************************************
************

OTL logfile created on: 3/14/2011 6:32:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Thunder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 17.64 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 35.48 Gb Free Space | 46.48% Space Free | Partition Type: NTFS

Computer Name: DELL-450 | User Name: Thunder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
PRC - [2011/03/05 00:42:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

========== Modules (SafeList) ==========

MOD - [2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
MOD - [2010/11/05 20:32:13 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2007/04/09 12:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)

========== Driver Services (SafeList) ==========

DRV - [2011/03/14 18:28:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{755F041A-545E-4088-A890-2DE6B9609B96}\MpKsl564be05d.sys -- (MpKsl564be05d)
DRV - [2011/01/01 19:28:59 | 000,138,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/06/11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/01 16:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0255.sys -- (SaiH0255)
DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF12.sys -- (SaiHFF12)
DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12)
DRV - [2007/04/24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/03/01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/08/18 16:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2003/08/08 04:01:00 | 000,004,256 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\userport.sys -- (UserPort)
DRV - [2002/10/16 14:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 13:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "file:///E:/Advent%20files/Docs/bookmarks.html"
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/05 20:32:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/12 17:45:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 00:42:12 | 000,000,000 | ---D | M]

[2009/06/28 21:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Extensions
[2011/03/14 15:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions
[2010/05/02 13:09:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 15:12:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Thunder\Application Data\Mozilla\Firefox\Profiles\4ddqcgf1.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/03/14 15:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/31 14:00:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/12 20:59:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/29 12:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/13 13:46:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/05 20:32:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/12 20:58:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCLEPCI] C:\Program Files\Pinnacle\PPE\PPE.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe (EchoBahn.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1246220607619 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Thunder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thunder\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/11 18:57:39 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "WZCSVC"
MsConfig - Services: "TOSHIBA Bluetooth Service"
MsConfig - Services: "EPSONStatusAgent2"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "mnmsrvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Thunder^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Thunder^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk - C:\Program Files\Visioneer\PaperPort\Config\Ereg\REMIND32.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OneTouch Monitor - hkey= - key= - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 18:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2011/03/13 18:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FBackup 4
[2011/03/13 18:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011/03/13 13:58:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/13 13:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/13 13:46:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/13 13:46:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/13 13:46:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/13 13:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/12 15:07:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
[2011/03/10 19:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\My Pictures
[2011/03/10 19:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\My Videos
[2011/03/10 19:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\OneNote Notebooks
[2011/03/10 19:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\School
[2011/03/10 19:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\My Documents\Scan2PDF
[2011/03/10 12:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\Virus
[2011/03/10 12:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\New Folder
[2011/03/10 11:54:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thunder\Desktop\HijackThis.exe
[2011/03/10 10:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\Malwarebytes
[2011/03/10 10:12:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/10 10:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/10 10:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/10 10:12:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/10 10:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 10:10:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thunder\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/10 02:20:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thunder\My Documents
[2011/03/10 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/10 01:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/10 01:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/10 01:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\bookmark g_files
[2011/03/10 01:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\World1
[2011/03/10 01:46:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/09 23:40:25 | 000,000,000 | ---D | C] -- C:\eeepc_iso
[2011/03/09 23:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2011/03/09 23:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\RMPrepUSB
[2011/03/09 10:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/03 21:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\xml-pull
[2011/03/03 21:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\scalingrenderer
[2011/03/03 21:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\org
[2011/03/03 21:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\javax
[2011/03/03 21:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\de
[2011/03/01 13:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\NT Password editor
[2011/03/01 12:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Application Data\FreeBurner
[2011/02/28 10:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scan2PDF
[2011/02/28 00:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/02/25 10:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Desktop\Pictures Misc
[2011/02/23 19:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Local Settings\Application Data\AirMouse
[2011/02/23 19:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thunder\Local Settings\Application Data\Downloaded Installations
[2011/02/23 19:47:18 | 004,465,568 | ---- | C] (RPA Tech, Inc ) -- C:\Documents and Settings\Thunder\Desktop\setup2.5.0.exe
[2011/02/14 17:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/24 21:37:42 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/03/14 18:33:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/14 18:32:15 | 000,482,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 18:32:15 | 000,086,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/14 18:28:55 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2011/03/14 18:28:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/14 18:28:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/14 18:28:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/14 18:28:06 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/14 18:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 18:27:57 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 18:27:11 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:18:57 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/14 18:03:04 | 014,746,624 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\outlook.pst
[2011/03/14 17:56:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/14 17:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003UA.job
[2011/03/14 15:30:47 | 000,573,885 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\duo_quickstartguide.pdf
[2011/03/14 10:41:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/14 10:35:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/13 20:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003Core.job
[2011/03/13 18:44:48 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011/03/13 17:51:11 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/13 15:29:10 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/03/13 14:54:52 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thunder\Desktop\OTL.exe
[2011/03/11 14:58:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/11 11:52:58 | 000,033,738 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\3900 Ford Road.jpg
[2011/03/10 20:15:48 | 016,395,215 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Performance4.pdf
[2011/03/10 17:07:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/10 16:55:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 16:39:11 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Microsoft Outlook 2010.lnk
[2011/03/10 11:54:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thunder\Desktop\HijackThis.exe
[2011/03/10 10:12:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/10 10:11:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thunder\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/09 23:10:08 | 001,548,199 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Install_RMPrepUSB_Lite_v2.1.617.zip
[2011/03/09 11:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/09 09:49:39 | 000,049,235 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\bookmark1.htm
[2011/03/09 09:48:35 | 000,052,074 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\bookmark.htm
[2011/03/08 00:31:08 | 010,321,985 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Floola-win.zip
[2011/03/07 23:53:53 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Microsoft Word 2010.lnk
[2011/03/07 20:41:59 | 000,723,718 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v4.zip
[2011/03/07 20:10:14 | 000,072,749 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\ModLoader B1.3_01v5.zip
[2011/03/05 20:58:10 | 000,173,190 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\INVedit(2).zip
[2011/03/05 20:29:18 | 000,814,609 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v1.zip
[2011/03/04 00:27:29 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2011/03/02 11:35:07 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 10:56:52 | 000,027,163 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\ICAO TOEFL paper.pdf
[2011/03/01 15:30:22 | 000,231,507 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Tax Return full version.pdf
[2011/03/01 15:28:21 | 000,205,044 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Tax returns 2010.pdf
[2011/03/01 14:11:18 | 000,140,935 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\W2 Fox & Roach 2010.pdf
[2011/03/01 12:53:12 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Free Easy Burner.lnk
[2011/03/01 11:44:47 | 000,553,125 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\PFS_Online_Instruction_Workbook.pdf
[2011/02/28 12:32:19 | 006,154,847 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\1964 Tamatia Love- Sherman Offer.pdf
[2011/02/28 11:53:47 | 004,379,020 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\1964 1.pdf
[2011/02/28 10:53:51 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 18:01:26 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 18:01:26 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 18:01:26 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/26 09:50:40 | 000,003,352 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingMulti.class
[2011/02/24 01:16:40 | 000,011,129 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModSettings.class
[2011/02/24 01:16:40 | 000,005,414 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\nr.class
[2011/02/24 01:16:40 | 000,004,136 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModAction.class
[2011/02/24 01:16:40 | 000,003,272 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiWidgetScreen.class
[2011/02/24 01:16:40 | 000,003,037 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingInt.class
[2011/02/24 01:16:40 | 000,002,909 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetText.class
[2011/02/24 01:16:40 | 000,002,888 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingFloat.class
[2011/02/24 01:16:40 | 000,002,849 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\bq.class
[2011/02/24 01:16:40 | 000,002,742 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\rf.class
[2011/02/24 01:16:40 | 000,002,674 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingKey.class
[2011/02/24 01:16:40 | 000,002,619 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetFloat.class
[2011/02/24 01:16:40 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetInt.class
[2011/02/24 01:16:40 | 000,002,518 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicWindow.class
[2011/02/24 01:16:40 | 000,002,484 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetKeybinding.class
[2011/02/24 01:16:40 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\lo.class
[2011/02/24 01:16:40 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiModScreen.class
[2011/02/24 01:16:40 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetBoolean.class
[2011/02/24 01:16:40 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingBoolean.class
[2011/02/24 01:16:40 | 000,001,935 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetMulti.class
[2011/02/24 01:16:40 | 000,001,895 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\SettingText.class
[2011/02/24 01:16:40 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicTwocolumn.class
[2011/02/24 01:16:40 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSetting.class
[2011/02/24 01:16:40 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModSettingScreen.class
[2011/02/24 01:16:40 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\GuiModSelect.class
[2011/02/24 01:16:40 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Subscreen.class
[2011/02/24 01:16:40 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ModCallback.class
[2011/02/24 01:16:40 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\Setting.class
[2011/02/24 01:16:40 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSlider.class
[2011/02/24 01:16:40 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\ScreenScaleProxy.class
[2011/02/23 19:48:55 | 004,465,568 | ---- | M] (RPA Tech, Inc ) -- C:\Documents and Settings\Thunder\Desktop\setup2.5.0.exe
[2011/02/21 20:34:40 | 000,011,144 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\font.fnt
[2011/02/21 13:49:16 | 001,663,331 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\Rayan Wrestling Team.JPG
[2011/02/21 04:06:38 | 000,006,671 | ---- | M] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiTheme.xml
[2011/02/19 14:56:16 | 001,500,588 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Globefish seafood highlights.pdf
[2011/02/19 14:50:35 | 000,834,240 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\Japan Tuna Report March 2004.pdf
[2011/02/19 13:41:24 | 000,116,724 | ---- | M] () -- C:\Documents and Settings\Thunder\My Documents\senegal_fishery_profile_apr08.pdf
[2011/02/17 18:30:54 | 015,624,192 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp3
[2011/02/17 18:29:30 | 027,666,155 | ---- | M] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp4
[2011/02/13 16:22:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/03/14 15:30:41 | 000,573,885 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\duo_quickstartguide.pdf
[2011/03/13 18:44:48 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011/03/12 18:14:34 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/12 18:14:33 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/11 11:52:58 | 000,033,738 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\3900 Ford Road.jpg
[2011/03/10 22:33:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/10 20:13:38 | 016,395,215 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Performance4.pdf
[2011/03/10 17:07:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/10 12:51:50 | 1609,637,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/10 10:12:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 23:09:55 | 001,548,199 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Install_RMPrepUSB_Lite_v2.1.617.zip
[2011/03/09 10:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/09 09:49:39 | 000,049,235 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\bookmark1.htm
[2011/03/09 09:48:34 | 000,052,074 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\bookmark.htm
[2011/03/08 00:29:36 | 010,321,985 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Floola-win.zip
[2011/03/07 20:10:51 | 000,723,718 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v4.zip
[2011/03/07 20:10:12 | 000,072,749 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\ModLoader B1.3_01v5.zip
[2011/03/05 20:53:22 | 000,173,190 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\INVedit(2).zip
[2011/03/05 20:24:46 | 000,814,609 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\SDK's Mods 1.3 v1.zip
[2011/03/04 00:27:29 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2011/03/03 21:19:42 | 000,011,144 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\font.fnt
[2011/03/03 21:19:42 | 000,006,671 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiTheme.xml
[2011/03/03 21:19:42 | 000,005,414 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\nr.class
[2011/03/03 21:19:42 | 000,002,742 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\rf.class
[2011/03/03 21:19:42 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\lo.class
[2011/03/03 21:19:42 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\twlGuiThemeIndentedbuttons.png
[2011/03/03 21:19:41 | 000,011,129 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModSettings.class
[2011/03/03 21:19:41 | 000,004,136 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModAction.class
[2011/03/03 21:19:41 | 000,003,352 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingMulti.class
[2011/03/03 21:19:41 | 000,003,272 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiWidgetScreen.class
[2011/03/03 21:19:41 | 000,003,037 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingInt.class
[2011/03/03 21:19:41 | 000,002,909 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetText.class
[2011/03/03 21:19:41 | 000,002,888 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingFloat.class
[2011/03/03 21:19:41 | 000,002,849 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\bq.class
[2011/03/03 21:19:41 | 000,002,674 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingKey.class
[2011/03/03 21:19:41 | 000,002,619 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetFloat.class
[2011/03/03 21:19:41 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetInt.class
[2011/03/03 21:19:41 | 000,002,518 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicWindow.class
[2011/03/03 21:19:41 | 000,002,484 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetKeybinding.class
[2011/03/03 21:19:41 | 000,002,363 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiModScreen.class
[2011/03/03 21:19:41 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetBoolean.class
[2011/03/03 21:19:41 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingBoolean.class
[2011/03/03 21:19:41 | 000,001,935 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetMulti.class
[2011/03/03 21:19:41 | 000,001,895 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\SettingText.class
[2011/03/03 21:19:41 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetClassicTwocolumn.class
[2011/03/03 21:19:41 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSetting.class
[2011/03/03 21:19:41 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModSettingScreen.class
[2011/03/03 21:19:41 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\GuiModSelect.class
[2011/03/03 21:19:41 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Subscreen.class
[2011/03/03 21:19:41 | 000,001,086 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ModCallback.class
[2011/03/03 21:19:41 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\Setting.class
[2011/03/03 21:19:41 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\WidgetSlider.class
[2011/03/03 21:19:41 | 000,000,299 | ---- | C] () -- C:\Documents and Settings\Thunder\Application Data\ScreenScaleProxy.class
[2011/03/02 10:56:52 | 000,027,163 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\ICAO TOEFL paper.pdf
[2011/03/01 15:30:22 | 000,231,507 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Tax Return full version.pdf
[2011/03/01 15:28:21 | 000,205,044 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Tax returns 2010.pdf
[2011/03/01 14:11:18 | 000,140,935 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\W2 Fox & Roach 2010.pdf
[2011/03/01 12:53:12 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Free Easy Burner.lnk
[2011/03/01 11:44:47 | 000,553,125 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\PFS_Online_Instruction_Workbook.pdf
[2011/02/28 12:32:19 | 006,154,847 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\1964 Tamatia Love- Sherman Offer.pdf
[2011/02/28 11:53:47 | 004,379,020 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\1964 1.pdf
[2011/02/28 10:53:51 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 18:01:26 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 18:01:26 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 18:01:26 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/21 13:49:15 | 001,663,331 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\Rayan Wrestling Team.JPG
[2011/02/19 14:56:16 | 001,500,588 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Globefish seafood highlights.pdf
[2011/02/19 14:50:35 | 000,834,240 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\Japan Tuna Report March 2004.pdf
[2011/02/19 13:41:24 | 000,116,724 | ---- | C] () -- C:\Documents and Settings\Thunder\My Documents\senegal_fishery_profile_apr08.pdf
[2011/02/17 18:30:00 | 015,624,192 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp3
[2011/02/17 18:29:28 | 027,666,155 | ---- | C] () -- C:\Documents and Settings\Thunder\Desktop\viviane ndour_1er anniversaire_.mp4
[2011/02/13 16:21:27 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2010/12/13 00:27:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/11 21:18:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010/12/11 19:16:01 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/12/11 19:14:28 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\fusioncache.dat
[2010/12/11 18:57:39 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2010/12/11 18:57:38 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/12/11 18:57:38 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/12/11 18:57:38 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/12/11 18:57:38 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/12/11 18:57:38 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/09/19 17:11:47 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/19 17:11:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/09/19 17:08:54 | 000,002,652 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2010/09/19 17:07:07 | 000,000,871 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2010/09/19 17:07:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/19 17:06:51 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2010/09/19 12:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2010/09/05 15:10:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2010/09/05 15:10:38 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/09/05 15:10:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2010/09/05 15:08:18 | 000,002,588 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/05 15:08:18 | 000,000,091 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/09/05 15:08:14 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/09/05 15:08:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/09/05 15:08:14 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/09/05 15:08:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/09/05 15:07:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\VISSETUP.INI
[2010/08/24 12:59:51 | 001,913,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/18 23:01:01 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/18 23:00:21 | 000,214,864 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/08/18 22:58:21 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/09 22:39:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/04/11 13:31:43 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Thunder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 17:37:48 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsl01.bin
[2009/12/27 16:38:13 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/12/27 16:38:10 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/12/14 22:09:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/16 17:48:57 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/14 17:46:17 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/11/14 15:39:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/08 12:22:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/11/08 12:12:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/25 09:40:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/28 21:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/28 15:32:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/28 15:26:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/28 11:09:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/28 11:08:08 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/01 16:11:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0C.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_10.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0A.dll
[2007/05/01 16:11:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_09.dll
[2007/05/01 16:11:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_11.dll
[2007/05/01 16:11:26 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255.Dll
[2007/05/01 16:11:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_07.dll
[2007/05/01 16:11:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0402.dll
[2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12.Dll
[2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0C.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_10.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0A.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_07.dll
[2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_09.dll
[2007/05/01 15:34:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0402.dll
[2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_11.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/12/05 14:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/07/29 14:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/13 00:04:23 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\userport.sys
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,482,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,086,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\getvpdc.exe
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2004/06/19 21:07:42 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\userport.sys
[2004/03/11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

========== Custom Scans ==========

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/13 20:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BMUpdate" = C:\WINDOWS\system32\BMUpdate.exe -- [2001/07/03 14:12:36 | 000,176,128 | ---- | M] (EchoBahn.com)

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D

< End of report >

#10 Melax

Authentic Member

Authentic Member
47 posts

Posted 14 March 2011 - 05:03 PM

OTL log: SR71 (admin) , Sound icon present in tray and oh yes The MSE icon turned green without my interaction so I do not know what accounts for the delay ?

********************************************************************************
*********************************************************************************
**************************

OTL logfile created on: 3/14/2011 7:01:06 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\SR71 Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 17.64 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 35.48 Gb Free Space | 46.48% Space Free | Partition Type: NTFS

Computer Name: DELL-450 | User Name: SR71 Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SR71 Administrator\Desktop\OTL.exe
PRC - [2011/03/05 00:42:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

========== Modules (SafeList) ==========

MOD - [2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SR71 Administrator\Desktop\OTL.exe
MOD - [2010/11/05 20:32:13 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2007/04/09 12:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2007/02/25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)

========== Driver Services (SafeList) ==========

DRV - [2011/03/14 18:28:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{755F041A-545E-4088-A890-2DE6B9609B96}\MpKsl564be05d.sys -- (MpKsl564be05d)
DRV - [2011/01/01 19:28:59 | 000,138,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/06/11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/01 16:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0255.sys -- (SaiH0255)
DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF12.sys -- (SaiHFF12)
DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12)
DRV - [2007/04/24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/03/01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/08/18 16:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2003/08/08 04:01:00 | 000,004,256 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\userport.sys -- (UserPort)
DRV - [2002/10/16 14:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 13:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/05 20:32:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/12 17:45:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 00:42:12 | 000,000,000 | ---D | M]

[2011/03/12 17:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SR71 Administrator\Application Data\Mozilla\Extensions
[2011/03/13 18:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SR71 Administrator\Application Data\Mozilla\Firefox\Profiles\nd5di18u.default\extensions
[2011/03/12 18:49:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SR71 Administrator\Application Data\Mozilla\Firefox\Profiles\nd5di18u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/14 15:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/31 14:00:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/12 20:59:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/29 12:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/13 13:46:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/05 20:32:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/12 20:58:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCLEPCI] C:\Program Files\Pinnacle\PPE\PPE.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1246220607619 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/11 18:57:39 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "WZCSVC"
MsConfig - Services: "TOSHIBA Bluetooth Service"
MsConfig - Services: "EPSONStatusAgent2"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "mnmsrvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Thunder^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Thunder^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk - C:\Program Files\Visioneer\PaperPort\Config\Ereg\REMIND32.EXE - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Thunder\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OneTouch Monitor - hkey= - key= - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 18:57:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SR71 Administrator\Desktop\OTL.exe
[2011/03/13 18:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2011/03/13 18:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FBackup 4
[2011/03/13 18:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011/03/13 18:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Softland
[2011/03/13 17:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\skypePM
[2011/03/13 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Skype
[2011/03/13 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Google
[2011/03/13 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Google
[2011/03/13 14:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Malwarebytes
[2011/03/13 14:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Windows Search
[2011/03/13 13:58:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/13 13:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/13 13:46:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/13 13:46:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/13 13:46:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/13 13:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/13 13:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Sun
[2011/03/13 13:42:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SR71 Administrator\PrivacIE
[2011/03/12 18:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\My Documents\Downloads
[2011/03/12 17:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Adobe
[2011/03/12 17:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Adobe
[2011/03/12 17:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Mozilla
[2011/03/12 17:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Mozilla
[2011/03/11 20:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Real
[2011/03/11 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Identities
[2011/03/11 19:59:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\My Documents\My Music
[2011/03/11 19:59:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\My Documents\My Pictures
[2011/03/11 19:59:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SR71 Administrator\IETldCache
[2011/03/11 19:59:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Microsoft
[2011/03/11 19:59:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data
[2011/03/11 19:59:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\Favorites
[2011/03/11 19:59:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SR71 Administrator\Cookies
[2011/03/11 19:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Application Data\Macromedia
[2011/03/11 19:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Desktop
[2011/03/11 19:59:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SR71 Administrator\SendTo
[2011/03/11 19:59:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SR71 Administrator\Recent
[2011/03/11 19:59:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Startup
[2011/03/11 19:59:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\Start Menu
[2011/03/11 19:59:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\My Documents
[2011/03/11 19:59:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Accessories
[2011/03/11 19:59:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SR71 Administrator\Templates
[2011/03/11 19:59:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SR71 Administrator\PrintHood
[2011/03/11 19:59:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SR71 Administrator\NetHood
[2011/03/11 19:59:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SR71 Administrator\Local Settings
[2011/03/11 19:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\Microsoft
[2011/03/10 10:12:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/10 10:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/10 10:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/10 10:12:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/10 10:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/10 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/10 01:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/10 01:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/10 01:46:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/09 23:40:25 | 000,000,000 | ---D | C] -- C:\eeepc_iso
[2011/03/09 23:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2011/03/09 23:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\RMPrepUSB
[2011/03/09 10:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/28 10:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scan2PDF
[2011/02/28 00:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/02/14 17:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/24 21:37:42 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/03/14 18:56:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/14 18:55:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/14 18:55:50 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/14 18:55:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/14 18:55:49 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/14 18:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003UA.job
[2011/03/14 18:33:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/14 18:32:15 | 000,482,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 18:32:15 | 000,086,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/14 18:28:55 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2011/03/14 18:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 18:27:57 | 1609,637,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 18:27:11 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:27:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/03/14 18:18:57 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2011/03/14 10:41:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/14 10:35:56 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/13 20:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1409082233-725345543-1003Core.job
[2011/03/13 18:44:48 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011/03/13 17:51:11 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/13 15:29:10 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/03/13 14:54:52 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011/03/12 18:54:40 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 15:07:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SR71 Administrator\Desktop\OTL.exe
[2011/03/11 20:00:09 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\SR71 Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/11 20:00:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\SR71 Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/03/11 14:58:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/10 17:07:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/10 16:55:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/10 10:12:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 11:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/28 10:53:51 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 18:01:26 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 18:01:26 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 18:01:26 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/13 16:22:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/03/13 18:44:48 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2011/03/12 18:54:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 18:14:34 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/12 18:14:33 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1409082233-725345543-1005.job
[2011/03/11 20:00:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/11 20:00:09 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/03/11 20:00:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/03/11 20:00:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/03/11 19:59:43 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/03/11 19:59:43 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\SR71 Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/03/10 22:33:03 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/10 17:07:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/10 12:51:50 | 1609,637,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/10 10:12:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 10:29:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/02/28 10:53:51 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scan2PDF.lnk
[2011/02/26 18:01:26 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Instructor.lnk
[2011/02/26 18:01:26 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Fighter Ace 2.lnk
[2011/02/26 18:01:26 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flight Simulator 2002.lnk
[2011/02/13 16:21:27 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1409082233-725345543-1003.job
[2010/12/13 00:27:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/11 21:18:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010/12/11 19:16:01 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/12/11 18:57:39 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2010/12/11 18:57:38 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/12/11 18:57:38 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/12/11 18:57:38 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/12/11 18:57:38 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/12/11 18:57:38 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/09/19 17:11:47 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/19 17:11:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/09/19 17:08:54 | 000,002,652 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2010/09/19 17:07:07 | 000,000,871 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2010/09/19 17:07:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/19 17:06:51 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2010/09/19 12:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2010/09/05 15:10:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2010/09/05 15:10:38 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/09/05 15:10:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2010/09/05 15:08:18 | 000,002,588 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/05 15:08:18 | 000,000,091 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/09/05 15:08:14 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/09/05 15:08:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/09/05 15:08:14 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/09/05 15:08:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/09/05 15:07:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\VISSETUP.INI
[2010/08/24 12:59:51 | 001,913,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/18 23:01:01 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/18 23:00:21 | 000,214,864 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/08/18 22:58:21 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/09 22:39:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/01/31 17:37:48 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsl01.bin
[2009/12/27 16:38:13 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/12/27 16:38:10 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/12/14 22:09:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/16 17:48:57 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/14 17:46:17 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/11/14 15:39:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/08 12:22:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/11/08 12:12:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/25 09:40:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/28 21:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/28 15:32:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/28 15:26:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/28 11:09:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/28 11:08:08 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/01 16:11:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0C.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_10.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0A.dll
[2007/05/01 16:11:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_09.dll
[2007/05/01 16:11:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_11.dll
[2007/05/01 16:11:26 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255.Dll
[2007/05/01 16:11:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_07.dll
[2007/05/01 16:11:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0255_0402.dll
[2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12.Dll
[2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0C.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_10.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0A.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_07.dll
[2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_09.dll
[2007/05/01 15:34:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0402.dll
[2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_11.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 12:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/12/05 14:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/07/29 14:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/13 00:04:23 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\userport.sys
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,482,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,086,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\getvpdc.exe
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2004/06/19 21:07:42 | 000,004,256 | ---- | C] () -- C:\WINDOWS\System32\userport.sys
[2004/03/11 01:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

========== Custom Scans ==========

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/13 20:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9AB561D

< End of report >

Advertisements

Register to Remove

#11 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 15 March 2011 - 06:58 AM

Hi Melax,

The MSE icon turned green without my interaction so I do not know what accounts for the delay ?

It may be applying updates. Any message is you hover the cursor over the icon when it's red?

We are talking about the Windows sound icon? If so, in the Thunder account

Click Start, and then click Run.
Copy and paste or type the following command in the Open box, and then click OK:
mmsys.cpl
Click to select the Place volume icon in the taskbar check box.
Click OK.

Is it back?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#12 Melax

Authentic Member

Authentic Member
47 posts

Posted 15 March 2011 - 12:57 PM

Hi Old Man, When the cursor is on the red MSE icon, the message is : "Computer Status-at risk", It seems to take about 3 to 5mins for the icon to turn green on its own. If I double click on it it immediately turns green. However, as I mentioned it previously, if I go into the security center, the anti virus (MSE) is on and green. As for the sound Icon in the tray, the "place volume icon" is already checked, in order to get the icon, I have to uncheck it, click apply an then recheck it and hit apply. Kind regards,

#13 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 15 March 2011 - 06:54 PM

Hi Melax,

The red icon with MSE appears to be a bug in some versions. The programs is actually running. What version do you have?

Thanks for clarifing what happens to the volume control. We can probably get the sound icon to stay in the tray with a reg tweak. First I'd like to get an export of some registry entries.

Be sure to use the None button as outlined in the instructions, it will make for a shorter log.

Log into the Thunder account and run the following scan

Next

Please open OTL

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following
(do not copy the word code)

(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSaveSettings /rs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|SystemTray /rs
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell|BagMRU Size /rs
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam|BagMRU Size /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#14 Melax

Authentic Member

Authentic Member
47 posts

Posted 16 March 2011 - 08:03 AM

Hi Old man, The MSE version currently running is: 2.0.657.0 I ran the OLT Scan, I attached the Zipped file because it’s way too long to paste it. Kind Regards,

Attached Files

OTL.zip 100.33KB 232 downloads

#15 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 16 March 2011 - 05:46 PM

Hi Melax,

One of the solutions to the red icon in MSE when running XP is to uninstall Windows Defender. Seems there may be a conflict over resources. There are a few other solutions such as using a password to log into the account(s).
http://answers.micro...60-649bb6288f6a

Let's see if we can ge the icon fixed.

Log into the Thunder account. Do what you need to do to make the sound icon show on the system tray.

Once the icon is present download this File and save it your desktop.

You shold now have a file called savesettings.reg on your desktop with an icon like this Posted Image

Right click on the file and click merge. Accept any warning.

Reboot your computer, the icon should still show on the tray.

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Body Background

skin color theme