Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Run As pop-up window won't go away

Started by smurf_inferno , Dec 24 2011 09:36 PM

Please log in to reply

23 replies to this topic

#1 smurf_inferno

Active Member

Active Members
42 posts

Posted 24 December 2011 - 09:36 PM

Greetings GSF,

I have gotten, for the second time, a pop-up window that I cannot close. It's a grey system window that says "Run As" and then asks "which user do you want to use to run this program." It gives me two options -- myself and a system administrator. No other program identification. The last time I got this, I rebooted, and lost connectivity to the Internet. I had to restore my settings from a week earlier, then run MSE. And things have been fine for two weeks.

Now the pop-up is back and I'm afraid to reboot. Malwarebytes is asking for a reboot. While it ran MSE popped up and removed an infection. Here's the report:

"Category: Trojan Dropper

"Description: This program is dangerous and installs other programs.

"Recommended action: Remove this software immediately.

"Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

"Items:
file:C:\Documents and Settings\rfindlay\Local Settings\Temp\wrasecxonm.tmp"

Here is the first log from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122405

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2011 3:25:01 PM
mbam-log-2011-12-24 (15-25-01).txt

Scan type: Quick scan
Objects scanned: 224402
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\NUSB3w32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\rfindlay\Local Settings\Temp\oswcmexnra.exe (Trojan.Agent) -> Delete on reboot.
c:\Documents and Settings\rfindlay\Local Settings\Temp\kna0.035574431538801465.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Documents and Settings\rfindlay\Local Settings\Temp\msimg32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\NUSB3w32.dll (Trojan.Dropper) -> Delete on reboot.
c:\documents and settings\rfindlay\local settings\Temp\wrasecxonm.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

If I can reboot successfully, I'll put in the rest of the logs. Let me know if I need to do other things.

#2 smurf_inferno

Active Member

Active Members
42 posts

Posted 24 December 2011 - 10:43 PM

Okay. I rebooted successfully. And I didn't lose the connection (man, has THAT been a big issue lately). I'm running Windows XP on a Toshiba Protege M700-S7044V.

Here are the remaining logs. Extras.txt did NOT appear on my desktop. I can re-run OTL if you request.

OTL

OTL logfile created on: 12/24/2011 4:27:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rfindlay\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.25% Memory free
3.81 Gb Paging File | 3.11 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.43 Gb Total Space | 66.64 Gb Free Space | 50.32% Space Free | Partition Type: NTFS

Computer Name: M700-09-205 | User Name: rfindlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 18:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TTPDSRV.exe
PRC - [2007/11/01 15:11:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/12 14:10:48 | 000,806,912 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/09/29 17:33:48 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
PRC - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
PRC - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/08/22 19:26:00 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/05/22 11:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/04/13 20:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/09 20:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/09 15:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/08/09 21:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/07/20 21:49:32 | 000,327,680 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 14:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/04/26 19:35:02 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2006/04/10 20:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/16 15:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/11/29 22:45:36 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/06/28 22:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/17 13:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/16 13:56:52 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2004/06/30 18:29:34 | 000,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/24 12:18:47 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\USB3Nw32.dll
MOD - [2011/10/12 19:19:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 19:19:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 19:17:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 19:16:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 19:16:47 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 17:11:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 17:11:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 17:05:55 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_a9ab4c1a\system.dll
MOD - [2011/10/12 17:05:46 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_5f1b90a4\mscorlib.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/17 09:53:29 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2008/06/17 09:51:48 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2008/06/17 09:51:48 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2008/06/17 09:51:47 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2008/04/13 18:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/23 20:57:34 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 15:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
MOD - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
MOD - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/05/17 15:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 16:06:06 | 000,017,408 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rpcnetp.exe -- (rpcnetp)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/07 12:51:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TTPDSRV.exe -- (TTPDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WacomTouchService.exe -- (WacomTouchService)
SRV - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®
SRV - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - [2011/12/24 16:06:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B9F88-084E-465A-8DFB-59EFAB764905}\MpKsl228c1608.sys -- (MpKsl228c1608)
DRV - [2011/12/24 15:39:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B9F88-084E-465A-8DFB-59EFAB764905}\MpKsl18f5cb31.sys -- (MpKsl18f5cb31)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/11/06 17:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/01 16:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/09/06 18:28:44 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/30 14:44:58 | 000,030,248 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2007/07/12 12:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/04/27 12:19:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/16 11:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/09 17:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/02/22 17:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/22 14:55:10 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2007/02/21 20:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:00 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/01/24 16:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/23 05:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/Result-- The nicest hobby on Earth ;) --t.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com//?oref=login"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.7.0.6
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 22:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 22:26:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\rfindlay\Application Data\Move Networks [2010/01/22 08:17:06 | 000,000,000 | ---D | M]

[2009/08/24 15:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Extensions
[2011/11/29 18:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions
[2010/04/27 07:16:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 18:05:14 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011/09/01 23:38:00 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\searchplugins\conduit.xml
[2011/11/09 22:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/05/05 10:32:39 | 000,236,669 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8286 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe ()
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spa.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833D61C5-4222-4DED-A90C-4D6AABF0AC6F}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54EF26F-BF6E-46A5-9DF3-16BEEDC10ACE}: DhcpNameServer = 10.0.12.41 10.0.12.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (USB3Nw32.dll) - C:\WINDOWS\System32\USB3Nw32.dll ()
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O20 - Winlogon\Notify\TSigNP: DllName - (TSigNP.dll) - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O20 - Winlogon\Notify\USB3Nw32: DllName - (USB3Nw32.dll) - C:\WINDOWS\System32\USB3Nw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 20:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 15:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/24 15:09:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/24 12:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 12:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 12:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\SanctionedMedia
[2011/12/13 08:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/02 09:36:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/02 00:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Security
[2011/12/01 23:49:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:29:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/12/01 08:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Malwarebytes
[2011/12/01 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/01 08:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Stadium
[2011/11/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2007/11/23 22:17:53 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2007/11/23 22:17:53 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/24 16:17:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/24 16:11:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/24 16:07:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/24 16:06:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/24 16:06:06 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/24 16:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/24 15:09:50 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/24 15:05:13 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/12/24 13:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/24 12:23:16 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:23:16 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/24 12:18:47 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\USB3Nw32.dll
[2011/12/19 13:33:17 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\OneNote 2007.lnk
[2011/12/18 15:40:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 19:44:34 | 001,677,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 17:32:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 08:46:03 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/02 00:09:35 | 000,879,649 | ---- | M] () -- C:\Documents and Settings\rfindlay\Desktop\SecurityCheck.exe
[2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/11/27 23:36:29 | 000,027,811 | ---- | M] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 15:09:50 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/24 12:23:16 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:23:16 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/24 12:18:47 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\USB3Nw32.dll
[2011/12/13 08:50:10 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/13 08:46:03 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/13 08:44:51 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/13 08:28:24 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/02 00:09:34 | 000,879,649 | ---- | C] () -- C:\Documents and Settings\rfindlay\Desktop\SecurityCheck.exe
[2011/11/27 23:36:06 | 000,027,811 | ---- | C] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[2010/09/28 22:07:47 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/28 22:07:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2010/08/19 20:23:52 | 000,056,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/22 22:17:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/07 12:24:42 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/10/23 15:17:02 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/04 08:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/15 14:10:21 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2008/05/15 13:24:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 11:46:20 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/05/05 11:46:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/05/05 11:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/02 13:15:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/02 13:13:55 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/05/02 13:12:01 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/02 13:12:00 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/02 13:12:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/02 13:12:00 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/02 13:05:44 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/02 13:05:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/23 22:52:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/23 22:52:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/23 22:52:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/23 22:52:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/23 22:32:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/11/23 22:17:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2007/11/23 22:15:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/23 22:14:57 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2007/11/23 21:00:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/23 20:56:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/23 19:45:57 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/11/23 19:45:40 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/23 19:45:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\gtfirstboot.exe
[2007/11/23 19:41:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/11/23 19:41:38 | 000,467,430 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/11/23 19:41:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/11/23 19:41:38 | 000,080,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/11/23 19:41:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/11/23 19:41:36 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/11/23 19:41:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/11/23 19:41:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/11/23 19:41:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/11/23 19:41:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/11/23 19:41:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/11/23 19:40:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/11/23 19:40:47 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2007/11/23 12:54:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/23 12:53:46 | 001,677,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2000/02/25 20:08:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\fusioncache.dat
[2000/01/01 08:58:32 | 000,107,816 | ---- | C] () -- C:\WINDOWS\System32\WTouchUser.exe
[2000/01/01 08:58:01 | 000,095,528 | ---- | C] () -- C:\WINDOWS\System32\WacomTouchService.exe

========== LOP Check ==========

[2008/05/15 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2009/08/24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/04/30 08:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/06/21 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/25 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/11 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/27 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CiscoCAA
[2010/09/27 12:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CoreFTP
[2011/10/12 19:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Dropbox
[2010/10/15 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\HandBrake
[2009/09/21 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Inspiration Software
[2007/11/27 07:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\InterVideo
[2011/10/12 19:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Nvu
[2010/09/20 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\OpenOffice.org
[2011/12/02 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2011/04/22 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Serif
[2011/03/24 08:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\toshiba
[2007/11/23 22:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\WinBatch
[2009/08/27 07:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Desktop Search
[2009/12/14 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Search
[2011/12/24 16:11:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1A9365

< End of report >

SECURITY CHECK

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player ( 10.3.183.7) Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Have a great holiday! And thanks for all your help over the years!

#3 LoPhatPhuud

Master of Disaster Recovery

General Admin
15,731 posts

Posted 25 December 2011 - 04:21 PM

Glad to hear the reboot was successful. Two things to do...

1. Run MBAM again, and post the new log in this thread.

2. Scan with MSE and advise the results.

#4 smurf_inferno

Active Member

Active Members
42 posts

Posted 25 December 2011 - 10:56 PM

Thank you. I've run both scans. The Malwarebytes log is below. Ran an MSE full scan and it found no threats. I also notice that something called Ping.exe is running, sucking up a ton of bandwidth. I've used the task manager to end it, but it comes back after I close and reload Firefox. Neither Malwarebytes nor MSE cleaned it off. Is that a virus?

Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122405

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2011 2:39:19 PM
mbam-log-2011-12-25 (14-39-19).txt

Scan type: Quick scan
Objects scanned: 229936
Time elapsed: 20 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 LoPhatPhuud

Master of Disaster Recovery

General Admin
15,731 posts

Posted 25 December 2011 - 11:56 PM

Please go to http://www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.

<b>
C:\WINDOWS\System32\USB3Nw32.dll
</b>

Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.

#6 smurf_inferno

Active Member

Active Members
42 posts

Posted 26 December 2011 - 05:24 PM

Note on yesterday's Ping activity: That thing kept reloading itself, about every two or three minutes. It didn't matter whether I had a web browser open or not. This morning I have not seen any activity from Ping.

Followed your instructions. I found one file, I think. I am pasting both the URL and scan results. Thank you:

http://www.virustota...11bb-1324919316

File name:
USB3Nw32.dll
Submission date:
2011-12-26 17:08:36 (UTC)
Current status:
finished
Result:
21/ 43 (48.8%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.26.00 2011.12.26 Trojan/Win32.Sasfis
AntiVir 7.11.20.18 2011.12.25 -
Antiy-AVL 2.0.3.7 2011.12.26 Trojan/Win32.Sasfis.gen
Avast 6.0.1289.0 2011.12.25 Win32:Malware-gen
AVG 10.0.0.1190 2011.12.26 Generic26.APOD
BitDefender 7.2 2011.12.26 Gen:Variant.Sasfis.2
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.26 -
ClamAV 0.97.3.0 2011.12.26 -
Commtouch 5.3.2.6 2011.12.25 -
Comodo 11093 2011.12.26 TrojWare.Win32.TrojanDownloader.Murlo.~JH2
DrWeb 5.0.2.03300 2011.12.26 Trojan.Siggen3.28020
Emsisoft 5.1.0.11 2011.12.26 Trojan.Win32.Sasfis!IK
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9646 2011.12.26 -
F-Prot 4.6.5.141 2011.12.25 -
F-Secure 9.0.16440.0 2011.12.26 Gen:Variant.Sasfis.2
Fortinet 4.3.388.0 2011.12.26 W32/Sasfis.AFE!tr
GData 22 2011.12.26 Gen:Variant.Sasfis.2
Ikarus T3.1.1.109.0 2011.12.26 Trojan.Win32.Sasfis
Jiangmin 13.0.900 2011.12.26 -
K7AntiVirus 9.120.5775 2011.12.26 Trojan
Kaspersky 9.0.0.837 2011.12.26 Trojan.Win32.Sasfis.ctjn
McAfee 5.400.0.1158 2011.12.26 BackDoor-FDD
McAfee-GW-Edition 2010.1E 2011.12.26 -
Microsoft 1.7903 2011.12.26 -
NOD32 6743 2011.12.26 -
Norman 6.07.13 2011.12.26 W32/Suspicious_Gen2.UKUGR
nProtect 2011-12-26.01 2011.12.26 Gen:Variant.Sasfis.2
Panda 10.0.3.5 2011.12.26 Generic Trojan
PCTools 8.0.0.5 2011.12.26 -
Prevx 3.0 2011.12.26 -
Rising 23.89.06.07 2011.12.26 -
Sophos 4.72.0 2011.12.26 Mal/Agent-AFE
SUPERAntiSpyware 4.40.0.1006 2011.12.24 -
Symantec 20111.2.0.82 2011.12.26 -
TheHacker 6.7.0.1.365 2011.12.25 -
TrendMicro 9.500.0.1008 2011.12.26 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.26 TROJ_GEN.R72C9LP
VBA32 3.12.16.4 2011.12.26 Trojan.Sasfis.cqoq
VIPRE 11308 2011.12.26 -
ViRobot 2011.12.26.4847 2011.12.26 -
VirusBuster 14.1.133.0 2011.12.25 -
Additional information
MD5 : df5c8604056e007a2b2066856debc454
SHA1 : 593e67f17d44f141023476ecb86c25d752fbd578
SHA256: bc55dc1c55a02fafc14f8a9c3ba304d0e99f03385285b37328ef2565f88611bb

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

#7 smurf_inferno

Active Member

Active Members
42 posts

Posted 26 December 2011 - 05:31 PM

Note: Ping.exe is back. Sigh.

#8 LoPhatPhuud

Master of Disaster Recovery

General Admin
15,731 posts

Posted 26 December 2011 - 07:29 PM

The file ping.exe is a legitimate Micosoft program. The issue is what program is using it? But that is not the pressing issue. There is a trojan that needs to be removed.

First:
Run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:
CODE
:OTL
MOD - [2011/12/24 12:18:47 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\USB3Nw32.dll
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (USB3Nw32.dll) - C:\WINDOWS\System32\USB3Nw32.dll ()
O20 - Winlogon\Notify\USB3Nw32: DllName - (USB3Nw32.dll) - C:\WINDOWS\System32\USB3Nw32.dll ()

:Services

:Reg

:Files
C:\WINDOWS\System32\USB3Nw32.dll

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
{*]Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Second:
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.

#9 smurf_inferno

Active Member

Active Members
42 posts

Posted 26 December 2011 - 08:17 PM

When I run OTL the second time, am I running a scan? Or a fix with the same custom info put in the box like last time?

Here's the OTL Fix log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NecUsb3Sevice\ deleted successfully.
C:\WINDOWS\system32\USB3Nw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\USB3Nw32\ deleted successfully.
File C:\WINDOWS\System32\USB3Nw32.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\System32\USB3Nw32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 21770 bytes
->Temporary Internet Files folder emptied: 612083213 bytes
->Java cache emptied: 1076 bytes
->Flash cache emptied: 25879 bytes

User: rfindlay
->Temp folder emptied: 670044 bytes
->Temporary Internet Files folder emptied: 5781978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 120785339 bytes
->Flash cache emptied: 5652 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24263462 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1124615 bytes

Total Files Cleaned = 729.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: rfindlay
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12262011_140224

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 smurf_inferno

Active Member

Active Members
42 posts

Posted 26 December 2011 - 09:31 PM

Here's the OTL scan. I also checked the LOP and Purity Check boxes.

OTL logfile created on: 12/26/2011 3:20:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rfindlay\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.34% Memory free
3.81 Gb Paging File | 2.70 Gb Available in Paging File | 70.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.43 Gb Total Space | 66.63 Gb Free Space | 50.32% Space Free | Partition Type: NTFS

Computer Name: M700-09-205 | User Name: rfindlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 18:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TTPDSRV.exe
PRC - [2007/11/01 15:11:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/12 14:10:48 | 000,806,912 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/09/29 17:33:48 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
PRC - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
PRC - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/08/22 19:26:00 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/05/22 11:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/04/13 20:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/09 20:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/09 15:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/08/09 21:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/07/20 21:49:32 | 000,327,680 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 14:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/04/26 19:35:02 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2006/04/10 20:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/16 15:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/11/29 22:45:36 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/06/28 22:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/17 13:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/16 13:56:52 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2004/06/30 18:29:34 | 000,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 19:19:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 19:19:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 19:17:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 19:16:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 19:16:47 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 17:11:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 17:11:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 17:05:55 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_a9ab4c1a\system.dll
MOD - [2011/10/12 17:05:46 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_5f1b90a4\mscorlib.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/17 09:53:29 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2008/06/17 09:51:48 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2008/06/17 09:51:48 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2008/06/17 09:51:47 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2008/04/13 18:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/23 20:57:34 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 15:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
MOD - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
MOD - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/05/17 15:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/26 15:01:59 | 000,017,408 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rpcnetp.exe -- (rpcnetp)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/07 12:51:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TTPDSRV.exe -- (TTPDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WacomTouchService.exe -- (WacomTouchService)
SRV - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®
SRV - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - [2011/12/26 15:02:17 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{836CED61-0550-498D-AE45-7C84D77DCBC9}\MpKsl9c5648ba.sys -- (MpKsl9c5648ba)
DRV - [2011/12/26 14:08:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{836CED61-0550-498D-AE45-7C84D77DCBC9}\MpKsl19e5ecef.sys -- (MpKsl19e5ecef)
DRV - [2011/12/26 13:57:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{836CED61-0550-498D-AE45-7C84D77DCBC9}\MpKslad0e4681.sys -- (MpKslad0e4681)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/11/06 17:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/01 16:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/09/06 18:28:44 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/30 14:44:58 | 000,030,248 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2007/07/12 12:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/04/27 12:19:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/16 11:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/09 17:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/02/22 17:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/22 14:55:10 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2007/02/21 20:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:00 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/01/24 16:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/23 05:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/Result-- The nicest hobby on Earth ;) --t.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com//?oref=login"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.7.0.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 22:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 22:26:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\rfindlay\Application Data\Move Networks [2010/01/22 08:17:06 | 000,000,000 | ---D | M]

[2009/08/24 15:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Extensions
[2011/12/24 18:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions
[2010/04/27 07:16:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 23:38:00 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\searchplugins\conduit.xml
[2011/11/09 22:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/05/05 10:32:39 | 000,236,669 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 100-- The nicest hobby on Earth ;) --links.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8286 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe ()
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spa.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833D61C5-4222-4DED-A90C-4D6AABF0AC6F}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54EF26F-BF6E-46A5-9DF3-16BEEDC10ACE}: DhcpNameServer = 10.0.12.41 10.0.12.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (USB3Nw32.dll) - File not found
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O20 - Winlogon\Notify\TSigNP: DllName - (TSigNP.dll) - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop WallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 20:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 21:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/24 15:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/24 15:09:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/24 12:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 12:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 12:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\SanctionedMedia
[2011/12/13 08:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/02 09:36:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/02 00:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Security
[2011/12/01 23:49:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:29:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/12/01 08:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Malwarebytes
[2011/12/01 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/01 08:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Stadium
[2011/11/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2007/11/23 22:17:53 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2007/11/23 22:17:53 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 15:17:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/26 15:13:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 15:07:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/26 15:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 15:02:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 15:01:59 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/25 13:39:36 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/12/24 15:09:50 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/24 13:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/24 12:23:16 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:23:16 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/19 13:33:17 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\OneNote 2007.lnk
[2011/12/18 15:40:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 19:44:34 | 001,677,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 17:32:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 08:46:03 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/02 00:09:35 | 000,879,649 | ---- | M] () -- C:\Documents and Settings\rfindlay\Desktop\SecurityCheck.exe
[2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/11/27 23:36:29 | 000,027,811 | ---- | M] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 15:09:50 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/24 12:23:16 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:23:16 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/13 08:50:10 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/13 08:46:03 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/13 08:44:51 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/13 08:28:24 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/12/02 00:09:34 | 000,879,649 | ---- | C] () -- C:\Documents and Settings\rfindlay\Desktop\SecurityCheck.exe
[2011/11/27 23:36:06 | 000,027,811 | ---- | C] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[2010/09/28 22:07:47 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/28 22:07:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2010/08/19 20:23:52 | 000,056,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/22 22:17:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/07 12:24:42 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/10/23 15:17:02 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/04 08:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/15 14:10:21 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2008/05/15 13:24:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 11:46:20 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/05/05 11:46:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/05/05 11:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/02 13:15:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/02 13:13:55 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/05/02 13:12:01 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/02 13:12:00 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/02 13:12:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/02 13:12:00 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/02 13:05:44 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/02 13:05:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/23 22:52:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/23 22:52:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/23 22:52:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/23 22:52:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/23 22:32:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/11/23 22:17:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2007/11/23 22:15:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/23 22:14:57 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2007/11/23 21:00:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/23 20:56:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/23 19:45:57 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/11/23 19:45:40 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/23 19:45:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\gtfirstboot.exe
[2007/11/23 19:41:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/11/23 19:41:38 | 000,467,430 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/11/23 19:41:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/11/23 19:41:38 | 000,080,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/11/23 19:41:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/11/23 19:41:36 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/11/23 19:41:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/11/23 19:41:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/11/23 19:41:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/11/23 19:41:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/11/23 19:41:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/11/23 19:40:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/11/23 19:40:47 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2007/11/23 12:54:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/23 12:53:46 | 001,677,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2000/02/25 20:08:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\fusioncache.dat
[2000/01/01 08:58:32 | 000,107,816 | ---- | C] () -- C:\WINDOWS\System32\WTouchUser.exe
[2000/01/01 08:58:01 | 000,095,528 | ---- | C] () -- C:\WINDOWS\System32\WacomTouchService.exe

========== LOP Check ==========

[2008/05/15 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2009/08/24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/04/30 08:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/06/21 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/25 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/11 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/27 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CiscoCAA
[2010/09/27 12:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CoreFTP
[2011/10/12 19:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Dropbox
[2010/10/15 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\HandBrake
[2009/09/21 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Inspiration Software
[2007/11/27 07:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\InterVideo
[2011/10/12 19:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Nvu
[2010/09/20 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\OpenOffice.org
[2011/12/02 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2011/04/22 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Serif
[2011/03/24 08:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\toshiba
[2007/11/23 22:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\WinBatch
[2009/08/27 07:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Desktop Search
[2009/12/14 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Search
[2011/12/26 15:07:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1A9365

< End of report >

#11 smurf_inferno

Active Member

Active Members
42 posts

Posted 26 December 2011 - 10:54 PM

Add: That Ping.exe may be a legitimate Windows program, but something is slowing mys system down to non-functional levels. When I bring up the Task Manager, I see Ping at the top, its memory usage a good six or seven times that of any other process (like Firefox). Twice today, the system has slowed down so much, the cursor stops moving, it takes minutes for a window to "paint," and I've had to force shut down.

Not sure what's causing this. After I reboot things are fine for a while. I hope what we're doing isn't causing, but solving this.

Thanks for all the help. - R

#12 LoPhatPhuud

Master of Disaster Recovery

General Admin
15,731 posts

Posted 27 December 2011 - 12:18 AM

Thanks for the info. One more file to check. It can be both good and bad. Need to check.

Please go to http://www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.

<b>
C:\WINDOWS\system32\rpcnetp.exe
</b>

Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.

#13 LoPhatPhuud

Master of Disaster Recovery

General Admin
15,731 posts

Posted 27 December 2011 - 12:41 AM

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
http://www.dslreports.com/faq/16564

#14 smurf_inferno

Active Member

Active Members
42 posts

Posted 27 December 2011 - 10:46 PM

Here is the VirusTotal URL and log:

http://www.virustota...daad-1325025455

File name:
rpcnetp.exe
Submission date:
2011-12-27 22:37:35 (UTC)
Current status:
finished
Result:
2/ 43 (4.7%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.27.00 2011.12.27 -
AntiVir 7.11.20.49 2011.12.27 -
Antiy-AVL 2.0.3.7 2011.12.27 -
Avast 6.0.1289.0 2011.12.27 -
AVG 10.0.0.1190 2011.12.27 Suspicion: unknown virus
BitDefender 7.2 2011.12.27 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.27 -
ClamAV 0.97.3.0 2011.12.27 -
Commtouch 5.3.2.6 2011.12.27 -
Comodo 11111 2011.12.27 -
DrWeb 5.0.2.03300 2011.12.27 -
Emsisoft 5.1.0.11 2011.12.27 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9649 2011.12.27 -
F-Prot 4.6.5.141 2011.12.27 -
F-Secure 9.0.16440.0 2011.12.27 -
Fortinet 4.3.388.0 2011.12.27 -
GData 22 2011.12.27 -
Ikarus T3.1.1.109.0 2011.12.27 -
Jiangmin 13.0.900 2011.12.27 -
K7AntiVirus 9.120.5786 2011.12.27 Trojan
Kaspersky 9.0.0.837 2011.12.27 -
McAfee 5.400.0.1158 2011.12.27 -
McAfee-GW-Edition 2010.1E 2011.12.27 -
Microsoft 1.7903 2011.12.27 -
NOD32 6747 2011.12.27 -
Norman 6.07.13 2011.12.27 -
nProtect 2011-12-27.01 2011.12.27 -
Panda 10.0.3.5 2011.12.27 -
PCTools 8.0.0.5 2011.12.27 -
Prevx 3.0 2011.12.27 -
Rising 23.90.01.02 2011.12.27 -
Sophos 4.72.0 2011.12.27 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.27 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.27 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.27 -
VBA32 3.12.16.4 2011.12.27 -
VIPRE 11313 2011.12.27 -
ViRobot 2011.12.27.4849 2011.12.27 -
VirusBuster 14.1.136.0 2011.12.27 -
Additional information
MD5 : 29b57cb6e15b39cf5c2b8b45143546ed
SHA1 : 6d97c61479445cc7e8d6ba9394c92f79e6b52209
SHA256: 46c04164b5f43a04a18246f760c218459a08d55718472494d364692dee99daad

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

#15 smurf_inferno

Active Member

Active Members
42 posts

Posted 28 December 2011 - 01:35 AM

Here's the log for AntiRookit. It found over a hundred hidden files, but did not recommend any of them for removal.

Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 12/27/2011 at 16:50:33 PM
User "rfindlay" on computer "M700-09-205"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3BEOODA\ngr=celery;sz=616x75;path=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;pgurl=1;rhost=www.realsimple[1].com;tile=7;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\90%2c101x1;path=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;dcopt=ist;pgurl=1;rhost=www.realsimple[1].com;tile=3;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\rsseg=10458;rsseg=72639;rsseg=10586;qc=d;ptype=channel;sz=940x50;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;rhost=www.realsimple[1].com;tile=2;ord=312256991125
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\gr=celery;sz=300x100;path=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;pgurl=1;rhost=www.realsimple[1].com;tile=8;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W6Q341YW\technology;path=make-realsimplecom-your-home-page-00000000008597;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;rhost=www.realsimple[1].com;tile=3;ord=101912791419
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\ngr=celery;sz=170x30;path=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;pgurl=1;rhost=www.realsimple[1].com;tile=4;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D29HA14J\ajs[1].php
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\ca[1]
Hidden: file C:\Documents and Settings\rfindlay\My Documents\Downloads\Install Files\coreftplite.exe
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\h=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;rhost=www.realsimple[1].com;tile=6;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Cookies\WZBHJ0UV.txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\sz=300x250%2c300x600;path=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;pgurl=1;rhost=www.realsimple[1].com;tile=5;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\December2011-Brand-Specific-AfterChristmasSale-728x90[1].gif
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\tagcloud[2].swf
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\config[1].json
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GLQTKBLO\bg-advertisement-large[1].gif
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP802\A0131127.sys
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=2844876059029990[1]
Hidden: file C:\Program Files\Toshiba\ConfigFree\CFBTSrch.exe
Hidden: file C:\Documents and Settings\NetworkService\Cookies\G0GD730H.txt
Hidden: file C:\WINDOWS\SUPPORT\TOOLS\MSRDPCLI.EXE
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D29HA14J\log[2].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\223425799[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\eos_content;rating=pg;ctype=video;referrer=bidsystem[1].com;playlist_id=6673476;video_id=6665682;tag=listerine;sz=4x4;tile=1;sec=videos_content;ord=87393963
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\mcls=ATF;tile=1;ord=4175466269871058;u=_fmnuce0d83a3d2ca4efcdbe7996a08db280c_fmlce86d059edc3dbaabe5de13935d837082e_fmvcc7b5d34ca1129e97143a8c44d916c5eb3;[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\quant[1].js
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\ting=pg;ctype=video;referrer=bidsystem[1].com;playlist_id=6673476;video_id=6665682;tag=listerine;sz=728x90,1x1,970x66;tile=2;sec=videos_content;ord=87393963
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\rating=pg;ctype=video;referrer=bidsystem[1].com;playlist_id=6673476;video_id=6665682;tag=listerine;sz=300x250,300x600;tile=4;sec=videos_content;ord=87393963
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\_content;rating=pg;ctype=video;referrer=bidsystem[1].com;playlist_id=6673476;video_id=6665682;tag=listerine;sz=300x80;tile=5;sec=videos_content;ord=87393963
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\_content;rating=pg;ctype=video;referrer=bidsystem[1].com;playlist_id=6673476;video_id=6665682;tag=listerine;sz=728x91;tile=6;sec=videos_content;ord=87393963
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\background_gradient[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32OAFR04\.1i;btg=dx.4;btg=dx.9;btg=dx.12;btg=dx.15;btg=dx.22;btg=dx.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx[1].36;ord=4701326
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32OAFR04\.1i;btg=dx.4;btg=dx.9;btg=dx.12;btg=dx.15;btg=dx.22;btg=dx.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx[1].36;ord=4702185
Hidden: file C:\Documents and Settings\Default\Local Settings\Temp\_uninstall5100
Hidden: file C:\WINDOWS\Options\Added programs\ScratchInstaller.exe
Hidden: file C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP819\A0132449.rbf
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\828e6,food,iblocal.jobs_l-an.93-ex.arl;;sz=728x90;net=iblocal;ord1=66014;cmw=nowl;contx=food;dc=d;btg=iblocal.jobs_l;btg=an.93;btg=ex[1].arl;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NCH23BRQ\-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;cmpos=globalheader;cmtyp=tout;pgurl=1;rhost=www.realsimple[1].com;tile=1;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9JVSDX5\al.jobs_l;;sz=300x250;net=cm;env=ifr;ord1=952532;dcopt=ist;cmw=owl;contx=trav;an=20;bu=100;br=44;dc=d;btg=ex.arl;btg=an.93;btg=iblocal[1].jobs_l;ord=7626805
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9JVSDX5\cal.jobs_l;;sz=728x90;net=cm;env=ifr;ord1=124064;dcopt=ist;cmw=owl;contx=trav;an=20;bu=100;br=44;dc=d;btg=ex.arl;btg=an.93;btg=iblocal[1].jobs_l;ord=7626711
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\al.jobs_l;;sz=160x600;net=cm;env=ifr;ord1=896961;dcopt=ist;cmw=owl;contx=trav;an=20;bu=100;br=44;dc=d;btg=ex.arl;btg=an.93;btg=iblocal[1].jobs_l;ord=7627023
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\717081708
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\Desktop.ini
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\L\erhheinl
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\cfg.ini
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\@
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\U\00000002.@
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\U\00000004.@
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\U\80000000.@
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\U\80000004.@
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\bckfg.tmp
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\kwrd.dll
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\sion;dcopt=ist;tile=1;sz=300x250;title=thejackiechanadventuresfullepisodes;tag%3da- Read our board rules -lechristmas%3btag%3dfistsoffury%3btag%3dkraftlong%3bord=6375504505[1]
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\lsflt7.ver
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\h=food-recipes;path=ingredients-guide;path=celery-00100000062657;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;rhost=www.realsimple[1].com;tile=2;ord=374864770147
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C60K12B8\MDB4MjUw-ALy0R6QA-gCmAPAB6gDAeAEAaAGFg%2526num%253D0%2526sig%253DAOD64_37X0y3CPp_aMZqzgFgTp69t9cl9Q%2526client%253Dca-pub-7154010006226795%2526adurl%253D[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\crossdomainCAE5TY4B.xml
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3BEOODA\crossdomain[2].xml
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W6Q341YW\GetAd[1].aspx
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9JVSDX5\31931-2[1].js
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\AdServerServlet[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C60K12B8\ad[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GLQTKBLO\adServer[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GLQTKBLO\local_atf[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\AdServerServlet[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\beacon[4].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\default;pos=3;tile=3;sz=160x600;ord=3765221439[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NCH23BRQ\seller_menu[1].css
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32ZHY387\ads[3]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C60K12B8\bsg%3D124346%3Bbsg%3D127636%3Bbsg%3D1174483%3Bbsg%3D1177003%3Bbsg%3D1170643%3Bbsg%3D1180723%3Bbsg%3D1172443%3B%3B~aopt%3D2%2F0%2F9c37%2F0%3B~sscs%3D%3F[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32ZHY387\searchmedia[1].gif
Hidden: file C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0358AE62-6A9C-4549-B87B-680300A983F0}\mpengine.dll
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\queen-elizabeth-122511-3[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\skin[1].js
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\royal-last-042911-4[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NCH23BRQ\149835[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U9L3QGP9\150689[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32ZHY387\continue-ofie[1].html
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3BEOODA\star_rating_5[1].gif
Hidden: file C:\Documents and Settings\NetworkService\Cookies\LI4TY9G4.txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NMVU5WM3\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[1].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\AdDisplayTrackerServlet[3].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3BEOODA\jquery[2].js
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\isolate[1].html
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\isolate[2].html
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W6Q341YW\AdDisplayTrackerServlet[4].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\take-behind-scenes-look-hobbit-set-572133[1].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\3783538161660454864[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\AdDisplayTrackerServlet[4].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\aT0xNzA3LHM9NzI4eDkwLG49aWZyYW1lLGI9MA==[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\aT0xNzA3LHM9MzAweDI1MCxuPWlmcmFtZSxiPTA=[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\AdDisplayTrackerServlet[4].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NMVU5WM3\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[2].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PYD783EW\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[1].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PYD783EW\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[2].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EUQGWMUY\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[1].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PYD783EW\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[3].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NMVU5WM3\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[3].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PYD783EW\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[4].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\17NC2EEV\womenshealthbase_com[1].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PYD783EW\.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[5].at5;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D29HA14J\lick.net%252Fadi%252Fbuz.hark%252Fmisc%253Bpos%253D160a%253Bexp%253D1%253Badnt%253D1%253Btile%253D4%253Bsz%253D160x600%253Bord%253D935349903966974[1].9%253F
Hidden: file C:\Program Files\Google\Google Earth\plugin\ie\6.1.0.5001\plugin_ax.dll
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\click.net%252Fadi%252Fbuz[1].hark%252Fmisc%253Bpos%253D300b%253Badnt%253D1%253Btile%253D2%253Bsz%253D300x250%253Bexp%253D0%253Bord%253D5161720750264547%253F
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D29HA14J\click.net%252Fadi%252Fbuz[1].hark%252Fmisc%253Bpos%253D160a%253Bexp%253D0%253Badnt%253D1%253Btile%253D4%253Bsz%253D160x600%253Bord%253D3391298609238655%253F
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\28e6,food,iblocal.jobs_l-an.93-ex.arl;;sz=300x250;net=iblocal;ord1=565986;cmw=owl;contx=food;dc=d;btg=iblocal.jobs_l;btg=an.93;btg=ex[1].arl;ord=[timestamp]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0L93HV6D\mcls=ATF;tile=1;ord=3612486853614438;u=_fmnu6319f265264719c2f90838cb78df9c41_fmlce86d059edc3dbaabe5de13935d837082e_fmvc5dae6b859c0b872cf8f5cf75571420b91;[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\t_intro%3Bsubchannel%3Dindex%3Babr%3Dwebtvs%3Bctx%3D23%3Bctx%3D150%3Bctx%3D151%3Bctx%3D379%3Bpos%3D1%3Btile%3D1%3Bsz%3D728x90%3Bord%3D378001866262868[1].txt
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP775\A0128298.rbf
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\st[1].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\2F%252Fmeviodisplayads.com%252Ffw-nonplayer-banner[1].php%253Fw%253D728%2526h%253D90%2526fwcsid%253Dhome%2526is_ex%253Dno%2526btype%253D1%2526zone%253Dshows
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\st[2].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\2F%252Fmeviodisplayads.com%252Ffw-nonplayer-banner[2].php%253Fw%253D728%2526h%253D90%2526fwcsid%253Dhome%2526is_ex%253Dno%2526btype%253D1%2526zone%253Dshows
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\btg=dx.22;btg=dx.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[2].xml
Hidden: file C:\Documents and Settings\rfindlay\My Documents\Downloads\Install Files\avc-free.exe
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1FXGXVAP\bsg%3D124346%3Bbsg%3D127636%3Bbsg%3D1174483%3Bbsg%3D1177003%3Bbsg%3D1170643%3Bbsg%3D1180723%3Bbsg%3D1172443%3B%3B~aopt%3D2%2F0%2F9d37%2F0%3B~sscs%3D%3F[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D29HA14J\mcls=ATF;tile=1;ord=4741832326594477;u=_fmnu6319f265264719c2f90838cb78df9c41_fmlce86d059edc3dbaabe5de13935d837082e_fmvce6a4dd8476155658567f0d4ab34180370;[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\btg=dx.22;btg=dx.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[1].xml
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\U\00000001.@
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\x.23;btg=dx.37;btg=dx.38;btg=dx.39;btg=dx.28;btg=dx.29;btg=dx.30;btg=dx.34;btg=dx.36;btg=dx.25;btg=mm.aa5;btg=mm.af1;btg=mm.ar1;btg=mm[1].at5;ord=c6fa8a567a
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\28x90;click=440434426http%3A%2F%2Ffeed-rt.baronsoffers[1].com%2Foffer%2Fclick%2Fq%2FaT0yMDM1LHM9NzI4eDkwLHg9MQ%3D%3D%3Fsubid%3Ddefault%26r%3D;ord=1324935741
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0D081K5M\2F%252Fmeviodisplayads.com%252Ffw-nonplayer-banner[3].php%253Fw%253D728%2526h%253D90%2526fwcsid%253Dhome%2526is_ex%253Dno%2526btype%253D1%2526zone%253Dshows
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\=w;btg=cm.smallbusiness_l;btg=cm.educat_m;btg=cm.ent_l;btg=cm.tech_l;btg=bk.na;btg=lt.74;btg=lt.1z;btg=lt.1h;btg=lt.1y;btg=an.93;btg=an[1].51;ord=1325024884
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\crossdomain[7].xml
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LDV1XOKX\0a771df6b7c9d45ad777ee521e7a0a9ebba44cf8[1].jpg
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U9L3QGP9\fcd81122-784b-4bec-98c5-0c9fbb28dfb8[1].swf
Hidden: file C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP812\A0132021.dll
Hidden: file C:\Program Files\Adobe\Acrobat 9.0\Acrobat\plug_ins\Preflight\PreflightLib.dll
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C60K12B8\llegehumor[1].com;sec=article_content;article_id=5845038;tag=christmas;tag=children;tag=holidays;tag=ignorance;sz=4x4;tile=1;sec=article_content;ord=3391660
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0262BQY5\gehumor[1].com;sec=article_content;article_id=5845038;tag=christmas;tag=children;tag=holidays;tag=ignorance;sz=300x80;tile=4;sec=article_content;ord=3391660
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NCH23BRQ\gehumor[1].com;sec=article_content;article_id=5845038;tag=christmas;tag=children;tag=holidays;tag=ignorance;sz=728x91;tile=5;sec=article_content;ord=3391660
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GLQTKBLO\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=9339370556758734[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DA29CVZ\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=5921193617967885[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\%253DADK_77641_n24903%2526utm_medium%253Dcpc%2526utm_campaign%253DSpry_test%2526utm_term%253D698EDD0C%25252D459D%25252D4972%25252DA889%25252D3611FB6CF358[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W6Q341YW\bsg%3D124346%3Bbsg%3D127636%3Bbsg%3D1174483%3Bbsg%3D1177003%3Bbsg%3D1170643%3Bbsg%3D1180723%3Bbsg%3D1172443%3B%3B~aopt%3D2%2F0%2F9d37%2F0%3B~sscs%3D%3F[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0262BQY5\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=5278889428414809[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32ZHY387\bsg%3D124346%3Bbsg%3D127636%3Bbsg%3D1174483%3Bbsg%3D1177003%3Bbsg%3D1170643%3Bbsg%3D1180723%3Bbsg%3D1172443%3B%3B~aopt%3D2%2F0%2F9d37%2F0%3B~sscs%3D%3F[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\bsg%3D124346%3Bbsg%3D127636%3Bbsg%3D1174483%3Bbsg%3D1177003%3Bbsg%3D1170643%3Bbsg%3D1180723%3Bbsg%3D1172443%3B%3B~aopt%3D2%2F0%2F9d37%2F0%3B~sscs%3D%3F[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\our-hands-fountain-of-youth;pid=articles_find-your-hands-fountain-of-youth;kw=;test=%7Bget_test%7D;pga=ad;dcopt=ist;tile=2;sz=728x90;ord=6110648521219804[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\q8r_K0ybZmzKBy5cjG1Cl8xij1a0V4BZUixqs6wvY6g7uSo2F5TvsvTwL983x_c31oEhm6Ooh3yjLYMZarSfxnfweRIdvfNwNlu_HBAjr_zTmVLuejGqyY9uAEppjlUF1IeuO5d93qEns2itF80U=[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PRKPYY4S\s;s1=articles;s2=;pid=articles_find-your-hands-fountain-of-youth;kw=;test=%7Bget_test%7D;pga=ad;pos=left;dcopt=ist;tile=4;sz=160x600;ord=6110648521219804[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\hfE9GREpoTU0zbTd8MTMyNDk3MDUzMTgxN3wxfDBGSmMyaDk0YnJ8MFI5UGlWd211MXw3MGE3MmVlNC1mZDczLTRmOTktYjAwMy00N2NmY2FmMTUxODh8NjI5MDQ4fDE3MDAwMHwyMC4wfDB8LjBQ[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U9L3QGP9\923277=good;at_248923276=good;at_249032483=good;at_249147860=good;at_247111730=good;at_247131450=good;at_247599625=good;at_247531327=good;at_24;~cs=a[1].gif
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP775\A0128310.rbf
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3BEOODA\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=6705512451203985[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H0Z39321\education;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=16;sz=468x62,300x251;;source=site;t=;tile=2;ord=2049632450890238[1]
Hidden: file C:\Program Files\Adobe\Adobe Flash CS3 Video Encoder\AdobeLM_libFNP.dll
Hidden: file C:\Program Files\Adobe\Adobe Flash CS3\AdobePSL.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS3\Plug-ins\Illustrator Formats\Save For Web.aip
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\AdobePSL.dll
Hidden: file C:\Program Files\Adobe\Adobe InDesign CS3\AdobePSL.dll
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\Dicom.8bi
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Import-Export\Save for Web.8be
Hidden: file C:\Documents and Settings\NetworkService\Cookies\DHA0HBEN.txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X48PV3QH\=1;pos=lb;ugc=false;url=http%3A%2F%2Fuiadserver.com%2Fte%2Fsa[1].php%3Fid-5c9b90f6cfb3c09c0dc90ae839f8d039%26vid-43790995%26subid-44665;ord=8548067457740901
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U9L3QGP9\m1[1].gif
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U9L3QGP9\proxy[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32ZHY387\glamadapt_psrv[1].act
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9JVSDX5\1[1]
Hidden: file C:\Program Files\Adobe\Adobe Fireworks CS3\AdobePSL.dll
Hidden: file C:\Documents and Settings\rfindlay\Local Settings\Application Data\Adobe\Updater5\Install\indesign5-en_US-RELEASE\ID_504.exe
Hidden: file C:\Documents and Settings\rfindlay\My Documents\Downloads\Install Files\comiclife-win.exe
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9JVSDX5\l;u=,iblocal-10201602028_1325030885,124a5744c4828e6,ent,an.84;;sz=300x250;net=iblocal;env=ifr;ord1=944558;cmw=owl;contx=ent;dc=w;btg=an[1].84;ord=2a9d332e15
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HGF7MCG8\l;u=,iblocal-10215649080_1325030914,124a5744c4828e6,ent,an.84;;sz=300x250;net=iblocal;env=ifr;ord1=443283;cmw=owl;contx=ent;dc=w;btg=an[1].84;ord=37aa415549
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\55FAU4DV\l;u=,iblocal-10323117121_1325030913,124a5744c4828e6,ent,an.84;;sz=300x250;net=iblocal;env=ifr;ord1=872953;cmw=owl;contx=ent;dc=w;btg=an[1].84;ord=75ba88967b
Hidden: file C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras\AudioMixer.x32
Hidden: file C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras\F4VAsset.x32
Hidden: file C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras\FLVAsset.x32
Hidden: file C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras\MP4Asset.x32
Hidden: file C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
Hidden: file C:\WINDOWS\$NtUninstallKB61402$\3393791379\keywords
Hidden: file C:\Program Files\Serif\MoviePlus\X3\Tutorials\US1033\MoviePlus X3 Program CD.exe
Hidden: file C:\Documents and Settings\rfindlay\My Documents\Downloads\Install Files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
Hidden: file C:\System Volume Information\_restore{765B3D1D-9F4D-4CF8-9FA9-8D8A5105F6AC}\RP818\A0132379.dll
Hidden: file C:\Documents and Settings\rfindlay\My Documents\My Pictures\Lord Lifesaver - need this - q\MOV to WMV\unins000.exe
Hidden: file C:\Documents and Settings\rfindlay\My Documents\My Pictures\Lord Lifesaver - need this - q\MOV to WMV\movtowmv.exe
Hidden: file C:\Documents and Settings\rfindlay\My Documents\My Pictures\Lord Lifesaver - need this - q\MOV to WMV\movtowmv.dll
Stopped logging on 12/27/2011 at 18:41:54 PM

Back to HELP! Think you are Infected?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Run As pop-up window won't go away

#1 smurf_inferno

#2 smurf_inferno

#3 LoPhatPhuud

#4 smurf_inferno

#5 LoPhatPhuud

#6 smurf_inferno

#7 smurf_inferno

#8 LoPhatPhuud

#9 smurf_inferno

#10 smurf_inferno

#11 smurf_inferno

#12 LoPhatPhuud

#13 LoPhatPhuud

#14 smurf_inferno

#15 smurf_inferno

0 user(s) are reading this topic

Sign In