OTL logfile created on: 6/2/2010 1:48:47 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.00 Mb Total Physical Memory | 516.00 Mb Available Physical Memory | 67.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.91 Gb Total Space | 121.28 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 649.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.82% Space Free | Partition Type: FAT32
Computer Name: VAIO
Current User Name: Mike
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ========== MOD - [2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ========== SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (lvprcsrv)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/09/28 17:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/07/10 09:28:14 | 001,826,816 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/07/09 13:27:20 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/07/09 13:26:54 | 000,118,877 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/07/09 13:19:04 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/07/09 13:17:54 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/06/23 03:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/23 03:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 19:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 19:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 19:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/03/12 15:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 15:17:46 | 001,221,864 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 15:17:10 | 000,029,928 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 14:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 16:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/10/31 04:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)
========== Driver Services (SafeList) ========== DRV - [2010/05/28 16:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\navex15.sys -- (NAVEX15)
DRV - [2010/05/28 16:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100528.002\naveng.sys -- (NAVENG)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 20:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/02/18 01:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/12/23 02:46:40 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/17 14:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 14:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 13:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 13:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/14 02:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 02:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007/02/16 08:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/12/06 11:30:19 | 000,916,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/09/02 17:49:46 | 000,028,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/03/14 13:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/02/03 14:45:58 | 000,091,776 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2005/02/03 14:44:54 | 000,005,760 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2005/02/03 14:44:38 | 000,010,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2004/11/23 18:13:32 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/07/30 09:55:48 | 000,091,830 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2004/07/15 11:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/03 07:47:58 | 000,768,512 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/03/12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2004/03/11 14:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/03/11 14:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/05/24 02:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/03/06 14:23:00 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slz1unic.sys -- (slz1unic) SL Series (WDM)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/04/09 17:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (ser2pl)
DRV - [2001/08/17 12:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001/04/13 15:55:04 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2001/04/09 18:34:24 | 000,008,615 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/06 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://search.yahoo.com/?fr=avantsearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.htmlIE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010/06/01 08:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 08:29:03 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
O1 HOSTS File: ([2010/06/01 22:40:14 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
O4 - HKCU..\Run: [asam] C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Mike\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [xkovnvub] C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu\bygtlmptssd.exe (Unhmy)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-3ER1V.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Mikey\Application Data\SystemProc\lsass.exe (Mevwgu)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232845184234 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://upload.smugmug.com/photos/activex/ImageUploader4-082807.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} http://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/17 01:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{c25fab1a-4152-11dd-8fa4-0011675ee79c}\Shell\phone\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/06/02 01:48:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/06/01 20:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/06/01 01:46:16 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe
[2010/06/01 01:45:06 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\syssvc.exe
[2010/06/01 01:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\yeltmfifu
[2010/05/30 23:32:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\Application Data\SystemProc
[2010/05/30 23:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/28 00:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Fire Pics
[2010/05/26 23:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\May_26_2010
[2010/05/20 01:40:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/20 01:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/20 01:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Apple
[2010/05/20 01:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/20 01:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/17 02:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Nikon
[2010/05/17 02:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/05/17 02:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/05/16 06:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/05/16 06:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/05/16 06:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/05/16 06:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/12/23 02:58:31 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2008/12/23 02:58:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2007/07/29 04:10:07 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2007/07/29 04:10:07 | 000,008,615 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Mike\Desktop\*.tmp files -> C:\Documents and Settings\Mike\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/02 04:36:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/06/02 01:42:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 01:41:10 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/02 01:38:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 01:29:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/06/02 01:29:56 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/06/02 01:29:42 | 000,711,168 | ---- | M] () -- C:\WINDOWS\is-3ER1V.exe
[2010/06/02 01:29:42 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-3ER1V.msg
[2010/06/02 01:29:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 01:29:42 | 000,000,309 | ---- | M] () -- C:\WINDOWS\is-3ER1V.lst
[2010/06/02 01:25:24 | 021,827,584 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\PledgeKeeper 1.14.8.mdb
[2010/06/01 23:17:50 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/01 23:16:19 | 000,001,127 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/01 22:40:21 | 000,002,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/01 11:23:33 | 000,002,565 | ---- | M] () -- C:\confin.sys
[2010/06/01 01:45:09 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\syssvc.exe
[2010/06/01 01:45:09 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Mike\Local Settings\Application Data\asam.exe
[2010/05/27 11:01:39 | 041,725,952 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Nightroom PledgeKeeper.mdb
[2010/05/27 04:25:26 | 001,963,873 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\yaya 004.jpg
[2010/05/26 01:19:05 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FIRE_Thank you 2010.doc
[2010/05/25 01:03:34 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Generic ads_1.doc
[2010/05/25 00:14:30 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\AG's complaint about Foundation.doc
[2010/05/24 01:15:29 | 018,632,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Fred.mdb
[2010/05/21 01:31:48 | 018,632,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FIRE Reports.mdb
[2010/05/20 01:05:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/20 01:05:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/19 02:34:21 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\thank you letter FIRE 2010.doc
[2010/05/18 01:18:30 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 01:17:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/18 01:12:21 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/05/18 01:09:19 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2010/05/17 23:48:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\ad for sheriff's foundation may 2010.doc
[2010/05/17 23:16:10 | 000,467,835 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\invo six pts fire tech 5 10.pdf
[2010/05/17 23:14:51 | 000,356,970 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\LENNAR.pdf
[2010/05/17 03:41:14 | 002,688,224 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/17 01:00:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\insurance for show.doc
[2010/05/16 06:26:14 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010/05/16 06:26:14 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Mike\Application Data\Strings
[2010/05/16 06:26:14 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2010/05/11 19:52:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/04 02:07:31 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\FOOSTER FREEZE.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Mike\Desktop\*.tmp files -> C:\Documents and Settings\Mike\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/02 01:29:42 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-3ER1V.exe
[2010/06/02 01:29:42 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-3ER1V.msg
[2010/06/02 01:29:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 01:29:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\is-3ER1V.lst
[2010/06/01 21:31:17 | 000,002,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/30 23:34:18 | 000,002,565 | ---- | C] () -- C:\confin.sys
[2010/05/27 04:24:22 | 001,963,873 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\yaya 004.jpg
[2010/05/26 01:16:57 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FIRE_Thank you 2010.doc
[2010/05/25 01:03:34 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Generic ads_1.doc
[2010/05/25 00:14:30 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\AG's complaint about Foundation.doc
[2010/05/20 01:05:09 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/20 01:05:09 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/19 02:34:20 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\thank you letter FIRE 2010.doc
[2010/05/17 23:48:41 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\ad for sheriff's foundation may 2010.doc
[2010/05/17 23:16:10 | 000,467,835 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\invo six pts fire tech 5 10.pdf
[2010/05/17 23:14:27 | 000,356,970 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\LENNAR.pdf
[2010/05/17 02:32:53 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/05/17 01:00:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\insurance for show.doc
[2010/05/16 06:26:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010/05/16 06:26:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Mike\Application Data\Strings
[2010/05/16 06:26:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/16 06:26:14 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2010/05/16 03:59:45 | 000,777,728 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FACA Brochure.pub
[2010/05/04 02:07:30 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\FOOSTER FREEZE.doc
[2010/05/01 07:14:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/04/28 02:08:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2010/03/11 05:38:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/03/11 05:38:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/03/10 11:53:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/23 11:28:06 | 000,000,498 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009/11/23 11:04:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\PolkaDot.ini
[2009/11/23 09:09:56 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/11/23 09:09:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2009/11/14 08:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2009/11/14 08:16:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2009/11/14 08:16:16 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2009/11/14 08:16:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/12/23 02:46:40 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd8781.sys
[2008/12/18 07:07:13 | 000,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/29 02:44:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/03 09:43:33 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/13 05:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ZDrive.INI
[2007/12/06 04:13:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2007/11/05 22:42:21 | 000,000,316 | ---- | C] () -- C:\WINDOWS\bcards.INI
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/06 01:28:14 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BW.ini
[2007/01/06 10:57:19 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/29 10:17:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/10 06:05:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2006/08/30 15:37:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/05/07 01:02:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/10 03:50:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/05/31 06:20:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/25 12:05:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2005/04/25 12:04:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2005/04/25 10:52:15 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005/04/25 08:51:55 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/02/19 03:16:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/19 03:09:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/02/19 03:07:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/19 03:07:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/19 03:07:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/19 03:07:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/19 03:07:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/19 03:07:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/14 19:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/14 19:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/16 04:58:02 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/08/17 02:55:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/17 02:05:52 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/17 01:33:01 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/17 01:32:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/08/17 01:32:58 | 000,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 06:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/06/25 05:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/15 19:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/01/08 07:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/23 11:13:58 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/11/28 09:42:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pperfect7.ini
[2001/10/25 07:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/12/03 10:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1999/01/28 04:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:40482594E8AE31C5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945
< End of report >