
SVCHost.exe problems, high ping on internet, possibly Vundo infection [Log included]


24 replies to this topic

#1 J.L. Jeremiah

Posted 12 June 2009 - 08:30 AM

Hey there, guys.

I appreciate any help you can offer. I've been having trouble with my PC as of late, and from the looks of multiple virus scanners, SVChost.exe is infected in some manner and running in multiple instances.

I'll post my log up; I won't be back until later today, however.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:31 AM, on 6/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB872FF5-7D9A-42EA-958A-8F64A341566A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEC1B3DC-694B-45BE-A1C9-212D18913A1D}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yufizifa.dll c:\windows\system32\ c:\windows\system32\busogeto.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast!antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e545aab730ea) (gupdate1c9e545aab730ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 11579 bytes



#2 Buckeye_Sam

Malware Expert

Posted 12 June 2009 - 10:42 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer, I will ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


#3 J.L. Jeremiah


Posted 12 June 2009 - 10:22 PM

OTL logfile created on: 6/12/2009 8:01:11 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.43% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.99 Gb Total Space | 172.21 Gb Free Space | 63.55% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32
Drive E: | 348.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2009/06/01 18:32:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/10/11 16:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/06/04 11:52:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/06/01 18:32:47 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/01 18:32:47 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/13 13:40:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/12/19 02:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2009/05/09 14:09:24 | 00,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2005/08/05 21:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/03 00:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2005/08/05 21:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/05/12 07:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2006/01/13 17:13:02 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2001/07/03 09:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/07/03 09:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2009/06/01 18:32:45 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/10 06:10:39 | 01,934,336 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2007/12/22 16:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\eraser.exe
PRC - [2009/04/23 06:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/05/12 07:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/07 16:49:12 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/03/18 18:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2005/08/27 02:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2009/04/27 23:06:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/04 12:02:23 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2004/08/09 21:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009/06/12 20:00:48 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/25 16:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (avast!antivirus [Auto | Stopped])
SRV - [2009/06/01 18:32:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/11 16:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/05/01 10:04:25 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/06/04 11:52:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e545aab730ea [Auto | Stopped])
SRV - [2009/06/04 11:42:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/09 21:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/13 13:40:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice [Auto | Running])
SRV - [2005/12/19 02:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - File not found -- -- (NSCService [On_Demand | Stopped])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 20:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2005/08/04 02:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2005/10/20 16:01:56 | 01,095,009 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 13:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/02/25 15:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/03 19:31:17 | 00,170,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
DRV - [2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/06/01 18:33:00 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (avgldx86 [System | Running])
DRV - [2009/06/01 18:32:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (avgmfx86 [System | Running])
DRV - [2009/06/01 18:33:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (avgtdix [System | Running])
DRV - [2003/11/05 07:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2005/06/29 17:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2009/05/07 16:49:13 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2005/07/28 18:07:58 | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2005/06/17 06:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2001/07/05 15:12:04 | 00,015,188 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud [On_Demand | Stopped])
DRV - [2001/07/05 15:12:10 | 00,014,628 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IDMC1Blk.sys -- (IDMC1Blk [On_Demand | Stopped])
DRV - [2001/07/05 15:12:26 | 00,416,564 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\idmc1vme.sys -- (IDMC1Vxp [On_Demand | Stopped])
DRV - [2008/03/03 17:43:42 | 00,193,032 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\mafw.sys -- (MAFW [On_Demand | Stopped])
DRV - [2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2009/05/01 12:16:25 | 00,182,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/09 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 10:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 11:11:42 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/05/07 15:35:44 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/09/16 23:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
DRV - [2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/01 18:32:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 19:26:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 19:26:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2006/02/22 15:01:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/04/19 09:29:12 | 00,000,000 | ---D | M]

[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\hbext0h1.default\extensions
[2009/06/11 16:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 23:06:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/13 13:40:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/27 23:06:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 23:06:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 11:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 11:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (51 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" (SoftThinks)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent ()
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (The Eraser Project)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {cafeefac-0016-0000-0013-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BB872FF5-7D9A-42EA-958A-8F64A341566A}\\NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FEC1B3DC-694B-45BE-A1C9-212D18913A1D}\\NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\yufizifa.dll) - C:\WINDOWS\system32\yufizifa.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/06/12 06:11:00 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (c:\windows\system32\busogeto.dll) - c:\windows\system32\busogeto.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/22 15:15:54 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8459b5a9-1e2a-11de-b6a0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8459b5a9-1e2a-11de-b6a0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 20:58:31 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/12 20:00:46 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/12 06:17:42 | 01,266,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB927891.exe
[2009/06/12 06:17:34 | 00,003,038 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix_svchost.bat
[2009/06/12 06:17:26 | 06,216,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\windowsupdateagent30-x86.exe
[2009/06/11 10:43:03 | 00,042,443 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\necrons-740174.jpg
[2009/06/10 17:20:55 | 55,873,7381 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RC1218.exe
[2009/06/09 18:11:58 | 00,004,670 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_PSR7.rtf
[2009/06/09 17:33:35 | 00,004,620 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PSR8.rtf
[2009/06/09 17:33:27 | 00,022,811 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR8.odt
[2009/06/09 16:27:35 | 00,025,300 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR7.odt
[2009/06/09 15:26:52 | 00,014,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Akers_J_OHL.odt
[2009/06/09 15:24:51 | 00,013,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OralHistoryProject.rtf
[2009/06/09 13:14:08 | 00,131,972 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rosieeee.jpg
[2009/06/09 06:50:12 | 00,049,473 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Civilization.IV.Beyond.The.Sword-RELOADED.3745388.TPB.torrent
[2009/06/08 13:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
[2009/06/08 12:37:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
[2009/06/08 12:33:19 | 00,006,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\LimeWire_Pro_5.1.2_MultiLingual_Retail_Final_(mAnaV).4764815.TPB.torrent
[2009/06/08 12:32:58 | 00,002,529 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube Increaser.lnk
[2009/06/08 12:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\Turbo Tube
[2009/06/08 12:28:05 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube_Increaser_2.1.4726741.TPB.torrent
[2009/06/08 12:18:00 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\I-Faker_Desktop_Pro__Fake_Hits_Generator__Cracked_By_Gino.3832082.TPB.torrent
[2009/06/08 11:57:21 | 01,122,063 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\One-million-clicks.exe
[2009/06/08 11:53:40 | 00,000,835 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\One_Million_Clicks_1.0_Beta.4145368.TPB.torrent
[2009/06/07 18:47:45 | 00,122,994 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongfinal.jpg
[2009/06/07 18:44:45 | 00,128,703 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong57.jpg
[2009/06/07 18:41:42 | 00,145,431 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong6.jpg
[2009/06/07 18:38:21 | 00,127,841 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong5.jpg
[2009/06/07 18:35:08 | 00,129,754 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong4.jpg
[2009/06/07 14:30:22 | 00,104,269 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongthree.jpg
[2009/06/07 14:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (3)
[2009/06/07 14:19:29 | 00,500,977 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\portrait_of_george_washington.jpg
[2009/06/06 22:23:20 | 00,068,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelWTF.jpg
[2009/06/06 16:20:08 | 00,012,390 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 007.jpg
[2009/06/06 16:18:42 | 00,012,987 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 006.jpg
[2009/06/06 11:21:07 | 00,106,402 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogone.jpg
[2009/06/06 11:17:31 | 00,088,021 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogandduck.jpg
[2009/06/06 00:59:01 | 00,100,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\watch(2).htm
[2009/06/05 06:14:02 | 00,098,998 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\gtotem_bobcat.jpg
[2009/06/05 06:13:28 | 00,095,822 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\baby bobcat.jpg
[2009/06/05 05:42:28 | 00,176,128 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Waterhouse Sp 09.doc
[2009/06/04 18:25:14 | 00,000,829 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Document.rtf
[2009/06/04 16:36:34 | 00,024,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\_NPCScan-3.1.0.1.zip
[2009/06/04 12:24:24 | 00,186,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Manastash Sp09.doc
[2009/06/04 11:56:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Google
[2009/06/04 11:53:27 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/04 11:52:58 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(3).doc
[2009/06/04 11:52:53 | 00,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/04 11:52:41 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(2).doc
[2009/06/04 11:51:18 | 01,038,968 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GoogleUpdater.exe
[2009/06/04 11:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/04 11:42:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/06/04 11:42:25 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/04 11:42:11 | 01,086,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Updater.exe
[2009/06/04 11:07:05 | 00,115,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Prairie Creek Sp09.doc
[2009/06/04 00:02:31 | 81,603,687 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Olivia_OLovely_AP_4GIFs.com.wmv
[2009/06/03 20:00:41 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent.lnk
[2009/06/03 18:40:45 | 00,055,406 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dawnofwarunsga_v10.zip
[2009/06/03 07:11:35 | 00,088,130 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\245sp09.rtf
[2009/06/02 18:00:56 | 00,031,361 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Scripture.JPG
[2009/06/02 17:54:41 | 00,030,386 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\march(2).htm
[2009/06/02 17:50:21 | 00,030,378 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\march.htm
[2009/06/02 13:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\OldTit
[2009/06/02 13:36:00 | 02,592,714 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\90.zip
[2009/06/02 13:04:53 | 05,168,812 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW-2.4.0.8089-to-2.4.1.8125-enUS-patch.zip
[2009/06/01 21:53:15 | 00,045,741 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_09.JPG
[2009/06/01 21:46:32 | 00,040,154 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March.JPG
[2009/06/01 21:43:26 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/01 19:08:18 | 00,209,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Usun_Gore.JPG
[2009/06/01 18:33:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 18:33:06 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 18:33:06 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 18:33:00 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 18:32:59 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 18:32:55 | 37,078,780 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/01 18:32:55 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 18:32:55 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 18:32:55 | 00,075,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/01 18:32:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/01 18:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/01 18:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/01 18:20:17 | 65,103,168 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stf_en_85_339a1525.exe
[2009/06/01 18:16:46 | 00,000,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix.zip
[2009/06/01 16:30:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\WMVE
[2009/06/01 16:30:11 | 03,728,716 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoWModelViewer_0.6.0.3_Win32_Release(2).zip
[2009/06/01 13:58:32 | 00,245,533 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MGLega.jpg
[2009/06/01 13:50:06 | 00,173,339 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Night-Elves-and-Mount.jpg
[2009/06/01 13:39:26 | 00,132,321 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\germanica_family.zip
[2009/06/01 13:38:59 | 01,398,948 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW.psd
[2009/06/01 13:20:56 | 00,183,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\gpw-200702-65-UnitedStatesNavy-041027-N-9500T-001-Moon-reflects-sunrise-sunset-colors-total-lunar-eclipse-20041027-medium.jpg
[2009/06/01 12:58:57 | 21,744,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fansite_kit.zip
[2009/06/01 12:49:57 | 46,274,979 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WorldofWarcraft_Fansite_Kit_en-US.zip
[2009/06/01 12:37:10 | 00,024,987 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\y171495236141928.jpg
[2009/06/01 10:56:55 | 00,241,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Elune.JPG
[2009/06/01 10:52:50 | 00,262,848 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Marches.JPG
[2009/05/31 23:38:11 | 00,010,996 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bookmarks 2009-05-31.json
[2009/05/31 22:23:48 | 00,008,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR_Ch5_Jeremiah_Akers.rtf
[2009/05/31 12:46:34 | 00,230,731 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marcayus_Killing.JPG
[2009/05/31 11:52:04 | 00,566,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.zip
[2009/05/31 10:57:57 | 00,124,227 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evilbanner.jpg
[2009/05/31 10:54:15 | 00,208,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Moonfire.JPG
[2009/05/31 09:21:24 | 03,671,882 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_13.tga
[2009/05/31 08:48:46 | 01,729,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sinvarel_01.mp3
[2009/05/31 08:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Wooshes
[2009/05/31 06:49:28 | 00,028,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\international-flags.jpg
[2009/05/31 05:11:45 | 00,305,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AonFIRE.aep
[2009/05/30 12:16:44 | 00,029,149 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\abe.gif
[2009/05/30 11:14:35 | 00,036,868 | ---- | C] () -- C:\Program Files\uninst-Lux.exe
[2009/05/30 06:29:38 | 00,048,278 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.rtf
[2009/05/30 06:14:24 | 00,014,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.odt
[2009/05/30 05:59:29 | 46,929,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grimoire of Footsteps.zip
[2009/05/30 05:59:14 | 11,301,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CaruusWoWReplacementSoundPackage.zip
[2009/05/30 05:58:00 | 18,284,971 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sound Wizardry Grimoire of Whooshes.zip
[2009/05/30 05:44:55 | 00,566,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.1-wip(2).zip
[2009/05/30 05:20:29 | 00,073,466 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\crow2.wav
[2009/05/29 22:40:59 | 00,000,000 | ---D | C] -- C:\Logs
[2009/05/29 22:08:02 | 00,114,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\index(2).htm
[2009/05/29 22:08:00 | 00,114,867 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.htm
[2009/05/29 14:09:11 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\flare.zip
[2009/05/29 14:06:24 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\combine.zip
[2009/05/29 13:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft (BC)
[2009/05/29 07:57:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\WoWInstall
[2009/05/28 15:20:20 | 00,023,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2899d1220307072-super-easy-wire-download-wire_svn.zip
[2009/05/27 21:08:38 | 00,001,611 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2 Dedicated Server.lnk
[2009/05/27 16:49:30 | 04,258,314 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_12.tga
[2009/05/27 16:08:58 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_11.tga
[2009/05/27 14:09:31 | 00,736,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Billy Mays - Breakin' Your Back.mp3
[2009/05/27 13:31:13 | 00,038,902 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\typical-desktop.jpg
[2009/05/27 13:26:02 | 00,108,644 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tero_China.JPG
[2009/05/27 13:23:39 | 00,244,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Amish corner computer desk 82.jpg
[2009/05/27 13:04:04 | 00,040,122 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\china.jpg
[2009/05/27 12:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Movie Projects
[2009/05/27 11:28:00 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/05/27 11:11:08 | 00,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
[2009/05/27 11:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trapcode
[2009/05/27 11:11:08 | 00,000,000 | ---D | C] -- C:\Presets
[2009/05/27 10:49:13 | 00,006,468 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TRAPCODE_PLUG-INS_FOR_AFTER_EFFECTS.4453653.TPB.torrent
[2009/05/27 09:58:17 | 00,018,437 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts for mindblader (hotmail).ctt
[2009/05/27 06:31:10 | 00,000,499 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps.lnk
[2009/05/27 06:26:34 | 00,050,573 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\npc_control_v2.zip
[2009/05/26 23:21:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/26 23:21:32 | 00,000,000 | ---D | C] -- C:\Fraps
[2009/05/26 23:19:58 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent
[2009/05/26 22:40:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Adobe
[2009/05/26 12:26:20 | 01,573,447 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\obse_0016.zip
[2009/05/26 12:25:44 | 05,340,989 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Oblivion_v1.2.0416English.exe
[2009/05/26 12:15:16 | 02,925,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\deadlyreflex.zip
[2009/05/24 18:56:21 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sit Spot Sp09(2).doc
[2009/05/24 18:49:15 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09.doc
[2009/05/24 10:27:00 | 02,363,812 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trial Account Creator Lite 1.1.zip
[2009/05/23 18:46:59 | 00,000,866 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.lnk
[2009/05/23 18:46:36 | 00,005,331 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.vbs
[2009/05/23 18:44:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player
[2009/05/23 18:41:10 | 00,178,895 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player.10.0.5.zip
[2009/05/23 18:39:12 | 00,007,107 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wp-google-analytics.1.2.3.zip
[2009/05/23 16:33:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (2)
[2009/05/23 16:03:14 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/05/23 16:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org
[2009/05/23 16:02:06 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/05/23 16:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/05/23 16:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/05/23 15:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/05/23 15:39:36 | 15,525,5392 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/05/23 12:21:47 | 00,013,461 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_Exam_2.rtf
[2009/05/23 11:34:36 | 03,350,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - From Agony, To Ascension, To Zeal (Aphel's Theme).mp3
[2009/05/22 20:10:06 | 00,003,263 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR5.rtf
[2009/05/22 19:24:15 | 00,011,628 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\viewCourses.htm
[2009/05/21 22:45:16 | 01,622,796 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Leafsong (Reprise).mp3
[2009/05/21 19:48:35 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to JL Jeremiah - The War of the Shifting Sands.mp3.lnk
[2009/05/21 17:29:27 | 00,611,334 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Duke_Nuken_WoW.mp3
[2009/05/21 17:21:43 | 00,331,302 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Announcer_bleeped.mp3
[2009/05/21 17:18:29 | 00,266,518 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WHATAREYOUUu.mp3
[2009/05/21 16:12:51 | 00,026,035 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\lifecraft.zip
[2009/05/21 16:07:49 | 01,351,840 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Intro.wav
[2009/05/21 15:41:43 | 04,858,131 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - The War of the Shifting Sands.mp3
[2009/05/21 13:50:30 | 00,240,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.jpg
[2009/05/21 13:30:20 | 02,664,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.psd
[2009/05/21 12:51:50 | 00,190,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_nocum.jpg
[2009/05/21 12:51:32 | 00,191,337 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_cum.jpg
[2009/05/21 11:56:39 | 00,009,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_PSR4.rtf
[2009/05/21 11:55:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/20 16:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/05/20 16:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\P2P_Energy
[2009/05/20 16:35:14 | 06,569,098 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Limewire_Turbo_v5.5.5.0.rar
[2009/05/20 14:15:38 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2009/05/20 14:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/05/20 14:13:46 | 00,321,288 | ---- | C] (Zango, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\eMuleSetup.exe
[2009/05/20 13:07:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2009/05/20 13:06:00 | 00,913,188 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Po-kay-man.png
[2009/05/20 12:50:41 | 05,131,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWBeef_Radio_01.mp3
[2009/05/20 12:08:12 | 01,199,089 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_01.mp3
[2009/05/20 10:54:51 | 00,004,393 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Ero.rtf
[2009/05/20 06:31:20 | 01,247,804 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ovation_Acoustic_Guitars.sfArk
[2009/05/20 06:31:11 | 02,835,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GuitarSetPasisHeavyAndClean.rar
[2009/05/20 06:29:48 | 00,287,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\nathans_guitar.zip
[2009/05/20 06:28:49 | 00,857,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Acoustic_Guitar_Chords.zip
[2009/05/20 06:26:12 | 01,153,082 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.SF2
[2009/05/20 06:25:51 | 00,871,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.sfArk
[2009/05/20 06:24:16 | 02,842,870 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TRB62.SF2
[2009/05/20 06:23:44 | 02,285,022 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trb62.zip
[2009/05/20 06:19:01 | 28,000,690 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.SF2
[2009/05/20 06:18:48 | 00,000,000 | ---D | C] -- C:\Program Files\sfArk
[2009/05/20 06:17:44 | 00,521,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sfark_setup.exe
[2009/05/20 06:17:10 | 14,678,081 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.sfArk
[2009/05/20 06:13:20 | 15,591,016 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sinfonia36.rar
[2009/05/19 23:01:00 | 01,441,505 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - This is Lolcrusader.mp3
[2009/05/19 21:03:46 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Collab.lnk
[2009/05/19 21:03:45 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/05/19 21:03:45 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FL Studio 8.lnk
[2009/05/19 21:03:45 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/05/19 21:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/05/19 21:02:02 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/05/19 20:32:08 | 10,234,7574 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA(2).zip
[2009/05/19 19:20:15 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to AphelHood.jpg.lnk
[2009/05/19 19:20:05 | 00,108,194 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelHood.jpg
[2009/05/19 15:58:53 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip
[2009/05/19 15:58:52 | 48,495,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip.part
[2009/05/19 14:35:05 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 14:35:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/19 14:35:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/19 14:24:06 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe
[2009/05/18 15:34:57 | 00,009,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR4.rtf
[2009/05/16 18:38:56 | 00,460,750 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongAphelFinal.jpg
[2009/05/16 18:21:47 | 00,298,934 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Wiki.jpg
[2009/05/16 18:19:08 | 00,359,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel_Wiki.jpg
[2009/05/16 18:08:56 | 00,018,432 | -HS- | C] () -- C:\Thumbs.db
[2009/05/16 18:08:43 | 00,403,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel.jpg
[2009/05/16 18:04:28 | 00,000,000 | ---D | C] -- C:\New Folder
[2009/05/16 18:03:24 | 00,392,865 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.jpg
[2009/05/16 18:03:11 | 00,403,789 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongandAphel.jpg
[2009/05/16 17:27:02 | 00,921,654 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Land and Water.bmp
[2009/05/16 15:56:59 | 00,024,545 | ---- | C] () -- C:\url.htm
[2009/05/16 15:46:33 | 08,113,585 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.psd
[2009/05/16 15:19:33 | 00,152,102 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_post_1.jpg
[2009/05/15 22:26:00 | 00,323,921 | ---- | C] () -- C:\Leafsongandaphel.jpg
[2009/05/14 18:50:04 | 00,034,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\File Evilbanner.jpg
[2009/05/14 13:48:54 | 00,076,964 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_intro.png
[2009/05/14 13:47:11 | 00,098,995 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Notodo.png
[2009/05/14 13:46:07 | 00,093,879 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Todo.png
[2009/05/14 13:45:10 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_10.tga
[2009/05/14 12:50:22 | 00,183,610 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrupter_Banner.jpg
[2009/05/14 12:43:44 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jad.tga
[2009/05/14 12:37:42 | 00,167,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\DominatorBanner.jpg
[2009/05/14 12:34:10 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_8.tga
[2009/05/14 12:33:46 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphelhandup.tga
[2009/05/14 12:30:56 | 00,181,332 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\NightElfEvil.jpg
[2009/05/14 12:24:12 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_5.tga
[2009/05/14 12:20:35 | 01,798,656 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Powwow Sp09.doc
[2009/05/14 12:13:41 | 00,166,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Study Guide Q1 Sp09.doc
[2009/05/14 11:56:21 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_6.tga
[2009/05/14 11:54:35 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelDictator.tga
[2009/05/14 11:31:23 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_4.tga
[2009/05/14 11:25:19 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_3.tga
[2009/05/14 10:26:32 | 00,463,641 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_the_ad_police_v1.0.18.zip
[2009/05/14 10:16:18 | 00,064,931 | ---- | C] () -- C:\2257822111_b7a44baed1.jpg
[2009/05/07 15:35:44 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/07 12:44:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/26 11:03:33 | 00,002,929 | -HS- | C] () -- C:\WINDOWS\System32\watusero.dll
[2009/04/23 09:46:10 | 00,002,625 | -HS- | C] () -- C:\WINDOWS\System32\gehufidu.dll
[2009/04/22 11:21:28 | 00,002,625 | -HS- | C] () -- C:\WINDOWS\System32\nahibozo.dll
[2009/04/19 09:28:47 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IDMC1Reg.dll
[2009/04/09 16:31:18 | 00,010,433 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/03/31 12:34:41 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/06/27 17:13:51 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2006/02/22 15:45:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/22 15:23:34 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/02/22 15:19:05 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/02/22 15:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/02/22 15:16:23 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/22 15:13:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/22 15:02:45 | 00,004,560 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/22 15:01:23 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/22 14:45:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/22 14:42:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/02/22 14:39:38 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/22 14:19:34 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/22 14:19:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/22 14:19:15 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 14:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 21:02:00 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 13:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 22:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 00,182,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004/07/26 07:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 23:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 23:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/06/12 20:00:48 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/12 17:40:19 | 37,078,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/12 17:40:19 | 00,075,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/12 13:38:12 | 00,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/12 13:38:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/12 06:18:06 | 06,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\windowsupdateagent30-x86.exe
[2009/06/12 06:18:01 | 01,266,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB927891.exe
[2009/06/12 06:17:36 | 00,003,038 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix_svchost.bat
[2009/06/12 06:09:50 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/06/12 06:08:26 | 00,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/12 06:05:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/06/12 05:51:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/12 05:51:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 17:42:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 10:43:04 | 00,042,443 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\necrons-740174.jpg
[2009/06/10 18:14:19 | 55,873,7381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RC1218.exe
[2009/06/09 19:12:57 | 00,421,888 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
[2009/06/09 18:47:05 | 00,002,787 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dawn of War - Winter Assault.lnk
[2009/06/09 18:12:17 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/09 18:11:58 | 00,004,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_PSR7.rtf
[2009/06/09 18:10:56 | 00,025,300 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR7.odt
[2009/06/09 17:33:41 | 00,004,620 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PSR8.rtf
[2009/06/09 17:33:27 | 00,022,811 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR8.odt
[2009/06/09 15:26:53 | 00,014,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Akers_J_OHL.odt
[2009/06/09 15:24:56 | 00,013,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OralHistoryProject.rtf
[2009/06/09 13:14:10 | 00,131,972 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rosieeee.jpg
[2009/06/09 06:50:12 | 00,049,473 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Civilization.IV.Beyond.The.Sword-RELOADED.3745388.TPB.torrent
[2009/06/09 06:42:52 | 00,002,529 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube Increaser.lnk
[2009/06/08 12:33:19 | 00,006,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\LimeWire_Pro_5.1.2_MultiLingual_Retail_Final_(mAnaV).4764815.TPB.torrent
[2009/06/08 12:28:06 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube_Increaser_2.1.4726741.TPB.torrent
[2009/06/08 12:18:00 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\I-Faker_Desktop_Pro__Fake_Hits_Generator__Cracked_By_Gino.3832082.TPB.torrent
[2009/06/08 11:57:30 | 01,122,063 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\One-million-clicks.exe
[2009/06/08 11:53:40 | 00,000,835 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\One_Million_Clicks_1.0_Beta.4145368.TPB.torrent
[2009/06/07 18:47:46 | 00,122,994 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongfinal.jpg
[2009/06/07 18:44:47 | 00,128,703 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong57.jpg
[2009/06/07 18:41:44 | 00,145,431 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong6.jpg
[2009/06/07 18:38:23 | 00,127,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong5.jpg
[2009/06/07 18:35:11 | 00,129,754 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong4.jpg
[2009/06/07 14:30:23 | 00,104,269 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongthree.jpg
[2009/06/07 14:20:43 | 00,500,977 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\portrait_of_george_washington.jpg
[2009/06/06 22:23:27 | 00,068,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelWTF.jpg
[2009/06/06 16:20:08 | 00,012,390 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 007.jpg
[2009/06/06 16:18:42 | 00,012,987 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 006.jpg
[2009/06/06 11:21:08 | 00,106,402 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogone.jpg
[2009/06/06 11:17:33 | 00,088,021 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogandduck.jpg
[2009/06/06 00:59:04 | 00,100,508 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\watch(2).htm
[2009/06/05 06:14:02 | 00,098,998 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\gtotem_bobcat.jpg
[2009/06/05 06:13:29 | 00,095,822 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\baby bobcat.jpg
[2009/06/05 05:42:29 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Waterhouse Sp 09.doc
[2009/06/04 18:29:05 | 00,000,829 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Document.rtf
[2009/06/04 16:36:35 | 00,024,358 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\_NPCScan-3.1.0.1.zip
[2009/06/04 12:24:24 | 00,186,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Manastash Sp09.doc
[2009/06/04 11:53:27 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/04 11:52:58 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(3).doc
[2009/06/04 11:52:42 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(2).doc
[2009/06/04 11:51:24 | 01,038,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GoogleUpdater.exe
[2009/06/04 11:42:16 | 01,086,608 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Updater.exe
[2009/06/04 11:07:06 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Prairie Creek Sp09.doc
[2009/06/04 00:17:04 | 81,603,687 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Olivia_OLovely_AP_4GIFs.com.wmv
[2009/06/03 20:00:41 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent.lnk
[2009/06/03 18:40:45 | 00,055,406 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dawnofwarunsga_v10.zip
[2009/06/03 07:11:36 | 00,088,130 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\245sp09.rtf
[2009/06/02 18:00:56 | 00,031,361 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Scripture.JPG
[2009/06/02 17:54:42 | 00,030,386 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\march(2).htm
[2009/06/02 17:50:23 | 00,030,378 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\march.htm
[2009/06/02 13:36:17 | 02,592,714 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\90.zip
[2009/06/02 13:05:21 | 05,168,812 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW-2.4.0.8089-to-2.4.1.8125-enUS-patch.zip
[2009/06/01 21:53:15 | 00,045,741 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_09.JPG
[2009/06/01 21:46:32 | 00,040,154 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March.JPG
[2009/06/01 19:08:18 | 00,209,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Usun_Gore.JPG
[2009/06/01 18:33:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 18:33:06 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 18:33:06 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 18:33:00 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 18:32:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 18:32:55 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 18:32:55 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 18:26:03 | 65,103,168 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stf_en_85_339a1525.exe
[2009/06/01 18:16:46 | 00,000,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix.zip
[2009/06/01 17:09:17 | 02,107,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/01 16:30:38 | 03,728,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoWModelViewer_0.6.0.3_Win32_Release(2).zip
[2009/06/01 13:58:33 | 00,245,533 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MGLega.jpg
[2009/06/01 13:39:27 | 00,132,321 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\germanica_family.zip
[2009/06/01 13:39:01 | 01,398,948 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW.psd
[2009/06/01 13:20:56 | 00,183,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\gpw-200702-65-UnitedStatesNavy-041027-N-9500T-001-Moon-reflects-sunrise-sunset-colors-total-lunar-eclipse-20041027-medium.jpg
[2009/06/01 13:00:56 | 21,744,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fansite_kit.zip
[2009/06/01 12:54:17 | 46,274,979 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WorldofWarcraft_Fansite_Kit_en-US.zip
[2009/06/01 12:37:10 | 00,024,987 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\y171495236141928.jpg
[2009/06/01 10:56:55 | 00,241,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Elune.JPG
[2009/06/01 10:52:50 | 00,262,848 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Marches.JPG
[2009/05/31 23:38:11 | 00,010,996 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bookmarks 2009-05-31.json
[2009/05/31 22:53:55 | 00,008,506 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR_Ch5_Jeremiah_Akers.rtf
[2009/05/31 12:46:34 | 00,230,731 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marcayus_Killing.JPG
[2009/05/31 11:52:05 | 00,566,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.zip
[2009/05/31 10:57:57 | 00,124,227 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evilbanner.jpg
[2009/05/31 10:54:15 | 00,208,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Moonfire.JPG
[2009/05/31 09:32:07 | 01,266,190 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Legacies of a Nation Lost.mp3
[2009/05/31 09:21:24 | 03,671,882 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_13.tga
[2009/05/31 08:56:35 | 01,729,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sinvarel_01.mp3
[2009/05/31 06:49:28 | 00,028,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\international-flags.jpg
[2009/05/31 05:11:45 | 00,305,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AonFIRE.aep
[2009/05/30 12:16:45 | 00,029,149 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\abe.gif
[2009/05/30 06:24:54 | 00,014,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.odt
[2009/05/30 06:05:50 | 46,929,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grimoire of Footsteps.zip
[2009/05/30 06:01:45 | 11,301,162 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CaruusWoWReplacementSoundPackage.zip
[2009/05/30 06:00:23 | 18,284,971 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sound Wizardry Grimoire of Whooshes.zip
[2009/05/30 05:44:57 | 00,566,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.1-wip(2).zip
[2009/05/30 05:20:29 | 00,073,466 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\crow2.wav
[2009/05/29 22:08:02 | 00,114,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\index(2).htm
[2009/05/29 22:08:01 | 00,114,867 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.htm
[2009/05/29 17:04:07 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/05/29 14:09:12 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\flare.zip
[2009/05/29 14:06:26 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\combine.zip
[2009/05/28 18:11:44 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/05/28 18:11:44 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/28 15:20:26 | 00,023,024 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2899d1220307072-super-easy-wire-download-wire_svn.zip
[2009/05/27 21:08:38 | 00,001,611 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2 Dedicated Server.lnk
[2009/05/27 17:37:33 | 00,000,866 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.lnk
[2009/05/27 16:49:30 | 04,258,314 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_12.tga
[2009/05/27 16:08:58 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_11.tga
[2009/05/27 14:09:33 | 00,736,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Billy Mays - Breakin' Your Back.mp3
[2009/05/27 13:31:13 | 00,038,902 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\typical-desktop.jpg
[2009/05/27 13:26:02 | 00,108,644 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tero_China.JPG
[2009/05/27 13:23:40 | 00,244,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Amish corner computer desk 82.jpg
[2009/05/27 13:04:05 | 00,040,122 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\china.jpg
[2009/05/27 12:25:28 | 04,858,131 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - The War of the Shifting Sands.mp3
[2009/05/27 10:49:14 | 00,006,468 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TRAPCODE_PLUG-INS_FOR_AFTER_EFFECTS.4453653.TPB.torrent
[2009/05/27 09:58:17 | 00,018,437 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts for mindblader (hotmail).ctt
[2009/05/27 06:31:10 | 00,000,499 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps.lnk
[2009/05/27 06:26:35 | 00,050,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\npc_control_v2.zip
[2009/05/26 23:19:58 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent
[2009/05/26 13:42:41 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/26 12:26:27 | 01,573,447 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\obse_0016.zip
[2009/05/26 12:26:11 | 05,340,989 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Oblivion_v1.2.0416English.exe
[2009/05/26 12:15:31 | 02,925,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\deadlyreflex.zip
[2009/05/24 18:56:21 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sit Spot Sp09(2).doc
[2009/05/24 18:49:15 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09.doc
[2009/05/24 10:27:09 | 02,363,812 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trial Account Creator Lite 1.1.zip
[2009/05/23 18:46:36 | 00,005,331 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.vbs
[2009/05/23 18:41:10 | 00,178,895 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player.10.0.5.zip
[2009/05/23 18:39:12 | 00,007,107 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wp-google-analytics.1.2.3.zip
[2009/05/23 16:32:30 | 00,013,461 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_Exam_2.rtf
[2009/05/23 16:03:14 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/05/23 16:02:06 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/05/23 15:53:48 | 15,525,5392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/05/23 12:02:14 | 03,350,534 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - From Agony, To Ascension, To Zeal (Aphel's Theme).mp3
[2009/05/23 07:41:07 | 00,004,560 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 20:47:22 | 00,003,263 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR5.rtf
[2009/05/22 19:24:16 | 00,011,628 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\viewCourses.htm
[2009/05/22 05:29:53 | 00,048,278 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.rtf
[2009/05/21 22:45:38 | 01,622,796 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Leafsong (Reprise).mp3
[2009/05/21 19:48:35 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to JL Jeremiah - The War of the Shifting Sands.mp3.lnk
[2009/05/21 17:29:34 | 00,611,334 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Duke_Nuken_WoW.mp3
[2009/05/21 17:21:47 | 00,331,302 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Announcer_bleeped.mp3
[2009/05/21 17:18:32 | 00,266,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WHATAREYOUUu.mp3
[2009/05/21 16:12:52 | 00,026,035 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\lifecraft.zip
[2009/05/21 16:07:50 | 01,351,840 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Intro.wav
[2009/05/21 13:50:33 | 00,240,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.jpg
[2009/05/21 13:36:53 | 02,664,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.psd
[2009/05/21 12:51:52 | 00,190,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_nocum.jpg
[2009/05/21 12:51:35 | 00,191,337 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_cum.jpg
[2009/05/21 11:56:39 | 00,009,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_PSR4.rtf
[2009/05/20 16:37:53 | 06,569,098 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Limewire_Turbo_v5.5.5.0.rar
[2009/05/20 14:15:38 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2009/05/20 14:13:47 | 00,321,288 | ---- | M] (Zango, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\eMuleSetup.exe
[2009/05/20 13:06:07 | 00,913,188 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Po-kay-man.png
[2009/05/20 12:54:36 | 05,131,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWBeef_Radio_01.mp3
[2009/05/20 12:08:22 | 01,199,089 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_01.mp3
[2009/05/20 11:24:49 | 00,004,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Ero.rtf
[2009/05/20 06:31:36 | 02,835,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GuitarSetPasisHeavyAndClean.rar
[2009/05/20 06:31:34 | 01,247,804 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ovation_Acoustic_Guitars.sfArk
[2009/05/20 06:29:49 | 00,287,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\nathans_guitar.zip
[2009/05/20 06:28:54 | 00,857,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Acoustic_Guitar_Chords.zip
[2009/05/20 06:26:29 | 01,153,082 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.SF2
[2009/05/20 06:25:55 | 00,871,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.sfArk
[2009/05/20 06:23:44 | 02,285,022 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trb62.zip
[2009/05/20 06:19:04 | 28,000,690 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.SF2
[2009/05/20 06:18:36 | 14,678,081 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.sfArk
[2009/05/20 06:17:50 | 00,521,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sfark_setup.exe
[2009/05/20 06:14:42 | 15,591,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sinfonia36.rar
[2009/05/19 23:01:08 | 01,441,505 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - This is Lolcrusader.mp3
[2009/05/19 21:03:46 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Collab.lnk
[2009/05/19 21:03:45 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FL Studio 8.lnk
[2009/05/19 20:45:07 | 10,234,7574 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA(2).zip
[2009/05/19 19:42:18 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip
[2009/05/19 19:20:15 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to AphelHood.jpg.lnk
[2009/05/19 19:20:07 | 00,108,194 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelHood.jpg
[2009/05/19 16:05:04 | 48,495,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip.part
[2009/05/19 14:35:05 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 14:25:35 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe
[2009/05/18 16:41:46 | 00,009,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR4.rtf
[2009/05/17 09:08:26 | 00,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090522-190411.backup
[2009/05/16 18:40:09 | 08,113,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.psd
[2009/05/16 18:39:25 | 00,298,934 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Wiki.jpg
[2009/05/16 18:38:58 | 00,460,750 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongAphelFinal.jpg
[2009/05/16 18:19:10 | 00,359,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel_Wiki.jpg
[2009/05/16 18:08:58 | 00,018,432 | -HS- | M] () -- C:\Thumbs.db
[2009/05/16 18:08:44 | 00,403,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel.jpg
[2009/05/16 18:04:09 | 00,392,865 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.jpg
[2009/05/16 18:03:12 | 00,403,789 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongandAphel.jpg
[2009/05/16 17:27:02 | 00,921,654 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Land and Water.bmp
[2009/05/16 15:57:00 | 00,024,545 | ---- | M] () -- C:\url.htm
[2009/05/16 15:19:36 | 00,152,102 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_post_1.jpg
[2009/05/15 22:26:01 | 00,323,921 | ---- | M] () -- C:\Leafsongandaphel.jpg
[2009/05/14 18:50:04 | 00,034,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\File Evilbanner.jpg
[2009/05/14 13:48:56 | 00,076,964 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_intro.png
[2009/05/14 13:47:12 | 00,098,995 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Notodo.png
[2009/05/14 13:46:09 | 00,093,879 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Todo.png
[2009/05/14 13:45:10 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_10.tga
[2009/05/14 12:51:24 | 00,183,610 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrupter_Banner.jpg
[2009/05/14 12:43:44 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jad.tga
[2009/05/14 12:37:43 | 00,167,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\DominatorBanner.jpg
[2009/05/14 12:34:10 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_8.tga
[2009/05/14 12:33:46 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphelhandup.tga
[2009/05/14 12:30:58 | 00,181,332 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\NightElfEvil.jpg
[2009/05/14 12:27:57 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_6.tga
[2009/05/14 12:24:13 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_5.tga
[2009/05/14 12:20:44 | 01,798,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Powwow Sp09.doc
[2009/05/14 12:13:41 | 00,166,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Study Guide Q1 Sp09.doc
[2009/05/14 11:54:35 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelDictator.tga
[2009/05/14 11:31:23 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_4.tga
[2009/05/14 11:25:19 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_3.tga
[2009/05/14 10:26:52 | 00,463,641 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_the_ad_police_v1.0.18.zip
[2009/05/14 10:16:19 | 00,064,931 | ---- | M] () -- C:\2257822111_b7a44baed1.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


OTL

OTL logfile created on: 6/12/2009 8:01:11 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.43% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.99 Gb Total Space | 172.21 Gb Free Space | 63.55% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32
Drive E: | 348.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2009/06/01 18:32:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/10/11 16:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/06/04 11:52:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/06/01 18:32:47 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/01 18:32:47 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/13 13:40:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/12/19 02:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2009/05/09 14:09:24 | 00,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2005/08/05 21:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/03 00:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2005/08/05 21:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/05/12 07:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2006/01/13 17:13:02 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2001/07/03 09:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/07/03 09:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2009/06/01 18:32:45 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/10 06:10:39 | 01,934,336 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2007/12/22 16:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\eraser.exe
PRC - [2009/04/23 06:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/05/12 07:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/07 16:49:12 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/03/18 18:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [1998/05/07 09:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2005/08/27 02:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2009/04/27 23:06:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/04 12:02:23 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2004/08/09 21:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009/06/12 20:00:48 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/25 14:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/25 16:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (avast!antivirus [Auto | Stopped])
SRV - [2009/06/01 18:32:41 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/11 16:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/05/01 10:04:25 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/06/04 11:52:43 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e545aab730ea [Auto | Stopped])
SRV - [2009/06/04 11:42:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/09 21:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/13 13:40:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice [Auto | Running])
SRV - [2005/12/19 02:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - File not found -- -- (NSCService [On_Demand | Stopped])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 20:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2005/08/04 02:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 00:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2005/10/20 16:01:56 | 01,095,009 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 13:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/02/25 15:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/03 19:31:17 | 00,170,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
DRV - [2004/08/04 00:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/06/01 18:33:00 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (avgldx86 [System | Running])
DRV - [2009/06/01 18:32:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (avgmfx86 [System | Running])
DRV - [2009/06/01 18:33:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (avgtdix [System | Running])
DRV - [2003/11/05 07:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2005/06/29 17:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2009/05/07 16:49:13 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2005/07/28 18:07:58 | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2005/06/17 06:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2001/07/05 15:12:04 | 00,015,188 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud [On_Demand | Stopped])
DRV - [2001/07/05 15:12:10 | 00,014,628 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IDMC1Blk.sys -- (IDMC1Blk [On_Demand | Stopped])
DRV - [2001/07/05 15:12:26 | 00,416,564 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\idmc1vme.sys -- (IDMC1Vxp [On_Demand | Stopped])
DRV - [2008/03/03 17:43:42 | 00,193,032 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\mafw.sys -- (MAFW [On_Demand | Stopped])
DRV - [2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2009/05/01 12:16:25 | 00,182,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/09 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 10:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 11:11:42 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/05/07 15:35:44 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/09/16 23:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
DRV - [2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/01 18:32:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 19:26:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 19:26:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2006/02/22 15:01:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/04/19 09:29:12 | 00,000,000 | ---D | M]

[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/08 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\hbext0h1.default\extensions
[2009/06/11 16:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 23:06:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/13 13:40:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/27 23:06:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 23:06:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 11:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 11:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (51 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files\P2P_Energy\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" (SoftThinks)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent ()
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (The Eraser Project)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)
O4 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3649049345-1135565679-4041754438-1008\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {cafeefac-0016-0000-0013-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BB872FF5-7D9A-42EA-958A-8F64A341566A}\\NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FEC1B3DC-694B-45BE-A1C9-212D18913A1D}\\NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\yufizifa.dll) - C:\WINDOWS\system32\yufizifa.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/06/12 06:11:00 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (c:\windows\system32\busogeto.dll) - c:\windows\system32\busogeto.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/22 15:15:54 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8459b5a9-1e2a-11de-b6a0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8459b5a9-1e2a-11de-b6a0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 20:58:31 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/12 20:00:46 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/12 06:17:42 | 01,266,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB927891.exe
[2009/06/12 06:17:34 | 00,003,038 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix_svchost.bat
[2009/06/12 06:17:26 | 06,216,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\windowsupdateagent30-x86.exe
[2009/06/11 10:43:03 | 00,042,443 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\necrons-740174.jpg
[2009/06/10 17:20:55 | 55,873,7381 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RC1218.exe
[2009/06/09 18:11:58 | 00,004,670 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_PSR7.rtf
[2009/06/09 17:33:35 | 00,004,620 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PSR8.rtf
[2009/06/09 17:33:27 | 00,022,811 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR8.odt
[2009/06/09 16:27:35 | 00,025,300 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR7.odt
[2009/06/09 15:26:52 | 00,014,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Akers_J_OHL.odt
[2009/06/09 15:24:51 | 00,013,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OralHistoryProject.rtf
[2009/06/09 13:14:08 | 00,131,972 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rosieeee.jpg
[2009/06/09 06:50:12 | 00,049,473 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Civilization.IV.Beyond.The.Sword-RELOADED.3745388.TPB.torrent
[2009/06/08 13:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
[2009/06/08 12:37:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
[2009/06/08 12:33:19 | 00,006,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\LimeWire_Pro_5.1.2_MultiLingual_Retail_Final_(mAnaV).4764815.TPB.torrent
[2009/06/08 12:32:58 | 00,002,529 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube Increaser.lnk
[2009/06/08 12:32:58 | 00,000,000 | ---D | C] -- C:\Program Files\Turbo Tube
[2009/06/08 12:28:05 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube_Increaser_2.1.4726741.TPB.torrent
[2009/06/08 12:18:00 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\I-Faker_Desktop_Pro__Fake_Hits_Generator__Cracked_By_Gino.3832082.TPB.torrent
[2009/06/08 11:57:21 | 01,122,063 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\One-million-clicks.exe
[2009/06/08 11:53:40 | 00,000,835 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\One_Million_Clicks_1.0_Beta.4145368.TPB.torrent
[2009/06/07 18:47:45 | 00,122,994 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongfinal.jpg
[2009/06/07 18:44:45 | 00,128,703 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong57.jpg
[2009/06/07 18:41:42 | 00,145,431 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong6.jpg
[2009/06/07 18:38:21 | 00,127,841 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong5.jpg
[2009/06/07 18:35:08 | 00,129,754 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong4.jpg
[2009/06/07 14:30:22 | 00,104,269 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongthree.jpg
[2009/06/07 14:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (3)
[2009/06/07 14:19:29 | 00,500,977 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\portrait_of_george_washington.jpg
[2009/06/06 22:23:20 | 00,068,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelWTF.jpg
[2009/06/06 16:20:08 | 00,012,390 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 007.jpg
[2009/06/06 16:18:42 | 00,012,987 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 006.jpg
[2009/06/06 11:21:07 | 00,106,402 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogone.jpg
[2009/06/06 11:17:31 | 00,088,021 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogandduck.jpg
[2009/06/06 00:59:01 | 00,100,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\watch(2).htm
[2009/06/05 06:14:02 | 00,098,998 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\gtotem_bobcat.jpg
[2009/06/05 06:13:28 | 00,095,822 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\baby bobcat.jpg
[2009/06/05 05:42:28 | 00,176,128 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Waterhouse Sp 09.doc
[2009/06/04 18:25:14 | 00,000,829 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Document.rtf
[2009/06/04 16:36:34 | 00,024,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\_NPCScan-3.1.0.1.zip
[2009/06/04 12:24:24 | 00,186,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Manastash Sp09.doc
[2009/06/04 11:56:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Google
[2009/06/04 11:53:27 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/04 11:52:58 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(3).doc
[2009/06/04 11:52:53 | 00,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/04 11:52:41 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(2).doc
[2009/06/04 11:51:18 | 01,038,968 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GoogleUpdater.exe
[2009/06/04 11:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/04 11:42:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/06/04 11:42:25 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/04 11:42:11 | 01,086,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Updater.exe
[2009/06/04 11:07:05 | 00,115,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Prairie Creek Sp09.doc
[2009/06/04 00:02:31 | 81,603,687 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Olivia_OLovely_AP_4GIFs.com.wmv
[2009/06/03 20:00:41 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent.lnk
[2009/06/03 18:40:45 | 00,055,406 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dawnofwarunsga_v10.zip
[2009/06/03 07:11:35 | 00,088,130 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\245sp09.rtf
[2009/06/02 18:00:56 | 00,031,361 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Scripture.JPG
[2009/06/02 17:54:41 | 00,030,386 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\march(2).htm
[2009/06/02 17:50:21 | 00,030,378 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\march.htm
[2009/06/02 13:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\OldTit
[2009/06/02 13:36:00 | 02,592,714 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\90.zip
[2009/06/02 13:04:53 | 05,168,812 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW-2.4.0.8089-to-2.4.1.8125-enUS-patch.zip
[2009/06/01 21:53:15 | 00,045,741 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_09.JPG
[2009/06/01 21:46:32 | 00,040,154 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March.JPG
[2009/06/01 21:43:26 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/01 19:08:18 | 00,209,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Usun_Gore.JPG
[2009/06/01 18:33:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 18:33:06 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 18:33:06 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 18:33:00 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 18:32:59 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 18:32:55 | 37,078,780 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/01 18:32:55 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 18:32:55 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 18:32:55 | 00,075,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/01 18:32:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/01 18:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/01 18:32:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/01 18:20:17 | 65,103,168 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stf_en_85_339a1525.exe
[2009/06/01 18:16:46 | 00,000,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix.zip
[2009/06/01 16:30:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\WMVE
[2009/06/01 16:30:11 | 03,728,716 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoWModelViewer_0.6.0.3_Win32_Release(2).zip
[2009/06/01 13:58:32 | 00,245,533 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MGLega.jpg
[2009/06/01 13:50:06 | 00,173,339 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Night-Elves-and-Mount.jpg
[2009/06/01 13:39:26 | 00,132,321 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\germanica_family.zip
[2009/06/01 13:38:59 | 01,398,948 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW.psd
[2009/06/01 13:20:56 | 00,183,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\gpw-200702-65-UnitedStatesNavy-041027-N-9500T-001-Moon-reflects-sunrise-sunset-colors-total-lunar-eclipse-20041027-medium.jpg
[2009/06/01 12:58:57 | 21,744,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\fansite_kit.zip
[2009/06/01 12:49:57 | 46,274,979 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WorldofWarcraft_Fansite_Kit_en-US.zip
[2009/06/01 12:37:10 | 00,024,987 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\y171495236141928.jpg
[2009/06/01 10:56:55 | 00,241,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Elune.JPG
[2009/06/01 10:52:50 | 00,262,848 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Marches.JPG
[2009/05/31 23:38:11 | 00,010,996 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bookmarks 2009-05-31.json
[2009/05/31 22:23:48 | 00,008,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR_Ch5_Jeremiah_Akers.rtf
[2009/05/31 12:46:34 | 00,230,731 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marcayus_Killing.JPG
[2009/05/31 11:52:04 | 00,566,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.zip
[2009/05/31 10:57:57 | 00,124,227 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evilbanner.jpg
[2009/05/31 10:54:15 | 00,208,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Moonfire.JPG
[2009/05/31 09:21:24 | 03,671,882 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_13.tga
[2009/05/31 08:48:46 | 01,729,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sinvarel_01.mp3
[2009/05/31 08:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Wooshes
[2009/05/31 06:49:28 | 00,028,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\international-flags.jpg
[2009/05/31 05:11:45 | 00,305,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AonFIRE.aep
[2009/05/30 12:16:44 | 00,029,149 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\abe.gif
[2009/05/30 11:14:35 | 00,036,868 | ---- | C] () -- C:\Program Files\uninst-Lux.exe
[2009/05/30 06:29:38 | 00,048,278 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.rtf
[2009/05/30 06:14:24 | 00,014,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.odt
[2009/05/30 05:59:29 | 46,929,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grimoire of Footsteps.zip
[2009/05/30 05:59:14 | 11,301,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CaruusWoWReplacementSoundPackage.zip
[2009/05/30 05:58:00 | 18,284,971 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sound Wizardry Grimoire of Whooshes.zip
[2009/05/30 05:44:55 | 00,566,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.1-wip(2).zip
[2009/05/30 05:20:29 | 00,073,466 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\crow2.wav
[2009/05/29 22:40:59 | 00,000,000 | ---D | C] -- C:\Logs
[2009/05/29 22:08:02 | 00,114,877 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\index(2).htm
[2009/05/29 22:08:00 | 00,114,867 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.htm
[2009/05/29 14:09:11 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\flare.zip
[2009/05/29 14:06:24 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\combine.zip
[2009/05/29 13:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft (BC)
[2009/05/29 07:57:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\WoWInstall
[2009/05/28 15:20:20 | 00,023,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2899d1220307072-super-easy-wire-download-wire_svn.zip
[2009/05/27 21:08:38 | 00,001,611 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2 Dedicated Server.lnk
[2009/05/27 16:49:30 | 04,258,314 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_12.tga
[2009/05/27 16:08:58 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_11.tga
[2009/05/27 14:09:31 | 00,736,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Billy Mays - Breakin' Your Back.mp3
[2009/05/27 13:31:13 | 00,038,902 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\typical-desktop.jpg
[2009/05/27 13:26:02 | 00,108,644 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tero_China.JPG
[2009/05/27 13:23:39 | 00,244,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Amish corner computer desk 82.jpg
[2009/05/27 13:04:04 | 00,040,122 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\china.jpg
[2009/05/27 12:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Movie Projects
[2009/05/27 11:28:00 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/05/27 11:11:08 | 00,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
[2009/05/27 11:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trapcode
[2009/05/27 11:11:08 | 00,000,000 | ---D | C] -- C:\Presets
[2009/05/27 10:49:13 | 00,006,468 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TRAPCODE_PLUG-INS_FOR_AFTER_EFFECTS.4453653.TPB.torrent
[2009/05/27 09:58:17 | 00,018,437 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts for mindblader (hotmail).ctt
[2009/05/27 06:31:10 | 00,000,499 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps.lnk
[2009/05/27 06:26:34 | 00,050,573 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\npc_control_v2.zip
[2009/05/26 23:21:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/26 23:21:32 | 00,000,000 | ---D | C] -- C:\Fraps
[2009/05/26 23:19:58 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent
[2009/05/26 22:40:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Adobe
[2009/05/26 12:26:20 | 01,573,447 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\obse_0016.zip
[2009/05/26 12:25:44 | 05,340,989 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Oblivion_v1.2.0416English.exe
[2009/05/26 12:15:16 | 02,925,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\deadlyreflex.zip
[2009/05/24 18:56:21 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sit Spot Sp09(2).doc
[2009/05/24 18:49:15 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09.doc
[2009/05/24 10:27:00 | 02,363,812 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trial Account Creator Lite 1.1.zip
[2009/05/23 18:46:59 | 00,000,866 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.lnk
[2009/05/23 18:46:36 | 00,005,331 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.vbs
[2009/05/23 18:44:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player
[2009/05/23 18:41:10 | 00,178,895 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player.10.0.5.zip
[2009/05/23 18:39:12 | 00,007,107 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wp-google-analytics.1.2.3.zip
[2009/05/23 16:33:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder (2)
[2009/05/23 16:03:14 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/05/23 16:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org
[2009/05/23 16:02:06 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/05/23 16:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/05/23 16:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/05/23 15:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/05/23 15:39:36 | 15,525,5392 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/05/23 12:21:47 | 00,013,461 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_Exam_2.rtf
[2009/05/23 11:34:36 | 03,350,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - From Agony, To Ascension, To Zeal (Aphel's Theme).mp3
[2009/05/22 20:10:06 | 00,003,263 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR5.rtf
[2009/05/22 19:24:15 | 00,011,628 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\viewCourses.htm
[2009/05/21 22:45:16 | 01,622,796 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Leafsong (Reprise).mp3
[2009/05/21 19:48:35 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to JL Jeremiah - The War of the Shifting Sands.mp3.lnk
[2009/05/21 17:29:27 | 00,611,334 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Duke_Nuken_WoW.mp3
[2009/05/21 17:21:43 | 00,331,302 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Announcer_bleeped.mp3
[2009/05/21 17:18:29 | 00,266,518 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WHATAREYOUUu.mp3
[2009/05/21 16:12:51 | 00,026,035 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\lifecraft.zip
[2009/05/21 16:07:49 | 01,351,840 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Intro.wav
[2009/05/21 15:41:43 | 04,858,131 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - The War of the Shifting Sands.mp3
[2009/05/21 13:50:30 | 00,240,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.jpg
[2009/05/21 13:30:20 | 02,664,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.psd
[2009/05/21 12:51:50 | 00,190,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_nocum.jpg
[2009/05/21 12:51:32 | 00,191,337 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_cum.jpg
[2009/05/21 11:56:39 | 00,009,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_PSR4.rtf
[2009/05/21 11:55:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/20 16:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/05/20 16:38:13 | 00,000,000 | ---D | C] -- C:\Program Files\P2P_Energy
[2009/05/20 16:35:14 | 06,569,098 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Limewire_Turbo_v5.5.5.0.rar
[2009/05/20 14:15:38 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2009/05/20 14:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/05/20 14:13:46 | 00,321,288 | ---- | C] (Zango, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\eMuleSetup.exe
[2009/05/20 13:07:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2009/05/20 13:06:00 | 00,913,188 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Po-kay-man.png
[2009/05/20 12:50:41 | 05,131,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWBeef_Radio_01.mp3
[2009/05/20 12:08:12 | 01,199,089 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_01.mp3
[2009/05/20 10:54:51 | 00,004,393 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Ero.rtf
[2009/05/20 06:31:20 | 01,247,804 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ovation_Acoustic_Guitars.sfArk
[2009/05/20 06:31:11 | 02,835,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GuitarSetPasisHeavyAndClean.rar
[2009/05/20 06:29:48 | 00,287,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\nathans_guitar.zip
[2009/05/20 06:28:49 | 00,857,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Acoustic_Guitar_Chords.zip
[2009/05/20 06:26:12 | 01,153,082 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.SF2
[2009/05/20 06:25:51 | 00,871,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.sfArk
[2009/05/20 06:24:16 | 02,842,870 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\TRB62.SF2
[2009/05/20 06:23:44 | 02,285,022 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trb62.zip
[2009/05/20 06:19:01 | 28,000,690 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.SF2
[2009/05/20 06:18:48 | 00,000,000 | ---D | C] -- C:\Program Files\sfArk
[2009/05/20 06:17:44 | 00,521,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sfark_setup.exe
[2009/05/20 06:17:10 | 14,678,081 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.sfArk
[2009/05/20 06:13:20 | 15,591,016 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sinfonia36.rar
[2009/05/19 23:01:00 | 01,441,505 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - This is Lolcrusader.mp3
[2009/05/19 21:03:46 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Collab.lnk
[2009/05/19 21:03:45 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/05/19 21:03:45 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FL Studio 8.lnk
[2009/05/19 21:03:45 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/05/19 21:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/05/19 21:02:02 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/05/19 20:32:08 | 10,234,7574 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA(2).zip
[2009/05/19 19:20:15 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to AphelHood.jpg.lnk
[2009/05/19 19:20:05 | 00,108,194 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelHood.jpg
[2009/05/19 15:58:53 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip
[2009/05/19 15:58:52 | 48,495,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip.part
[2009/05/19 14:35:05 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 14:35:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/19 14:35:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/19 14:24:06 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe
[2009/05/18 15:34:57 | 00,009,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR4.rtf
[2009/05/16 18:38:56 | 00,460,750 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongAphelFinal.jpg
[2009/05/16 18:21:47 | 00,298,934 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Wiki.jpg
[2009/05/16 18:19:08 | 00,359,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel_Wiki.jpg
[2009/05/16 18:08:56 | 00,018,432 | -HS- | C] () -- C:\Thumbs.db
[2009/05/16 18:08:43 | 00,403,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel.jpg
[2009/05/16 18:04:28 | 00,000,000 | ---D | C] -- C:\New Folder
[2009/05/16 18:03:24 | 00,392,865 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.jpg
[2009/05/16 18:03:11 | 00,403,789 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongandAphel.jpg
[2009/05/16 17:27:02 | 00,921,654 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Land and Water.bmp
[2009/05/16 15:56:59 | 00,024,545 | ---- | C] () -- C:\url.htm
[2009/05/16 15:46:33 | 08,113,585 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.psd
[2009/05/16 15:19:33 | 00,152,102 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_post_1.jpg
[2009/05/15 22:26:00 | 00,323,921 | ---- | C] () -- C:\Leafsongandaphel.jpg
[2009/05/14 18:50:04 | 00,034,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\File Evilbanner.jpg
[2009/05/14 13:48:54 | 00,076,964 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_intro.png
[2009/05/14 13:47:11 | 00,098,995 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Notodo.png
[2009/05/14 13:46:07 | 00,093,879 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Todo.png
[2009/05/14 13:45:10 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_10.tga
[2009/05/14 12:50:22 | 00,183,610 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrupter_Banner.jpg
[2009/05/14 12:43:44 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jad.tga
[2009/05/14 12:37:42 | 00,167,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\DominatorBanner.jpg
[2009/05/14 12:34:10 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_8.tga
[2009/05/14 12:33:46 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphelhandup.tga
[2009/05/14 12:30:56 | 00,181,332 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\NightElfEvil.jpg
[2009/05/14 12:24:12 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_5.tga
[2009/05/14 12:20:35 | 01,798,656 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Powwow Sp09.doc
[2009/05/14 12:13:41 | 00,166,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Study Guide Q1 Sp09.doc
[2009/05/14 11:56:21 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_6.tga
[2009/05/14 11:54:35 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelDictator.tga
[2009/05/14 11:31:23 | 03,405,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_4.tga
[2009/05/14 11:25:19 | 02,818,890 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_3.tga
[2009/05/14 10:26:32 | 00,463,641 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_the_ad_police_v1.0.18.zip
[2009/05/14 10:16:18 | 00,064,931 | ---- | C] () -- C:\2257822111_b7a44baed1.jpg
[2009/05/07 15:35:44 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/07 12:44:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/26 11:03:33 | 00,002,929 | -HS- | C] () -- C:\WINDOWS\System32\watusero.dll
[2009/04/23 09:46:10 | 00,002,625 | -HS- | C] () -- C:\WINDOWS\System32\gehufidu.dll
[2009/04/22 11:21:28 | 00,002,625 | -HS- | C] () -- C:\WINDOWS\System32\nahibozo.dll
[2009/04/19 09:28:47 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IDMC1Reg.dll
[2009/04/09 16:31:18 | 00,010,433 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/03/31 12:34:41 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2007/06/27 17:13:51 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2006/02/22 15:45:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/22 15:23:34 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/02/22 15:19:05 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/02/22 15:18:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/02/22 15:16:23 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/22 15:13:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/22 15:02:45 | 00,004,560 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/22 15:01:23 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/22 14:45:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/22 14:42:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/02/22 14:39:38 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/22 14:19:34 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/22 14:19:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/22 14:19:15 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 14:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 21:02:00 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 13:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 22:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 00,182,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004/07/26 07:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 23:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 23:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/06/12 20:00:48 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/12 17:40:19 | 37,078,780 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/12 17:40:19 | 00,075,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/12 13:38:12 | 00,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/12 13:38:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/12 06:18:06 | 06,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\windowsupdateagent30-x86.exe
[2009/06/12 06:18:01 | 01,266,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB927891.exe
[2009/06/12 06:17:36 | 00,003,038 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix_svchost.bat
[2009/06/12 06:09:50 | 00,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/06/12 06:08:26 | 00,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/12 06:05:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/06/12 05:51:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/12 05:51:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 17:42:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 10:43:04 | 00,042,443 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\necrons-740174.jpg
[2009/06/10 18:14:19 | 55,873,7381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RC1218.exe
[2009/06/09 19:12:57 | 00,421,888 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
[2009/06/09 18:47:05 | 00,002,787 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dawn of War - Winter Assault.lnk
[2009/06/09 18:12:17 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/09 18:11:58 | 00,004,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_PSR7.rtf
[2009/06/09 18:10:56 | 00,025,300 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR7.odt
[2009/06/09 17:33:41 | 00,004,620 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PSR8.rtf
[2009/06/09 17:33:27 | 00,022,811 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR8.odt
[2009/06/09 15:26:53 | 00,014,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Akers_J_OHL.odt
[2009/06/09 15:24:56 | 00,013,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OralHistoryProject.rtf
[2009/06/09 13:14:10 | 00,131,972 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Rosieeee.jpg
[2009/06/09 06:50:12 | 00,049,473 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Civilization.IV.Beyond.The.Sword-RELOADED.3745388.TPB.torrent
[2009/06/09 06:42:52 | 00,002,529 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube Increaser.lnk
[2009/06/08 12:33:19 | 00,006,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\LimeWire_Pro_5.1.2_MultiLingual_Retail_Final_(mAnaV).4764815.TPB.torrent
[2009/06/08 12:28:06 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tube_Increaser_2.1.4726741.TPB.torrent
[2009/06/08 12:18:00 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\I-Faker_Desktop_Pro__Fake_Hits_Generator__Cracked_By_Gino.3832082.TPB.torrent
[2009/06/08 11:57:30 | 01,122,063 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\One-million-clicks.exe
[2009/06/08 11:53:40 | 00,000,835 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\One_Million_Clicks_1.0_Beta.4145368.TPB.torrent
[2009/06/07 18:47:46 | 00,122,994 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongfinal.jpg
[2009/06/07 18:44:47 | 00,128,703 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong57.jpg
[2009/06/07 18:41:44 | 00,145,431 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong6.jpg
[2009/06/07 18:38:23 | 00,127,841 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong5.jpg
[2009/06/07 18:35:11 | 00,129,754 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong4.jpg
[2009/06/07 14:30:23 | 00,104,269 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsongthree.jpg
[2009/06/07 14:20:43 | 00,500,977 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\portrait_of_george_washington.jpg
[2009/06/06 22:23:27 | 00,068,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelWTF.jpg
[2009/06/06 16:20:08 | 00,012,390 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 007.jpg
[2009/06/06 16:18:42 | 00,012,987 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Picture 006.jpg
[2009/06/06 11:21:08 | 00,106,402 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogone.jpg
[2009/06/06 11:17:33 | 00,088,021 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Laefsnogandduck.jpg
[2009/06/06 00:59:04 | 00,100,508 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\watch(2).htm
[2009/06/05 06:14:02 | 00,098,998 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\gtotem_bobcat.jpg
[2009/06/05 06:13:29 | 00,095,822 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\baby bobcat.jpg
[2009/06/05 05:42:29 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Waterhouse Sp 09.doc
[2009/06/04 18:29:05 | 00,000,829 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Document.rtf
[2009/06/04 16:36:35 | 00,024,358 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\_NPCScan-3.1.0.1.zip
[2009/06/04 12:24:24 | 00,186,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Manastash Sp09.doc
[2009/06/04 11:53:27 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/06/04 11:52:58 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(3).doc
[2009/06/04 11:52:42 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09(2).doc
[2009/06/04 11:51:24 | 01,038,968 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GoogleUpdater.exe
[2009/06/04 11:42:16 | 01,086,608 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Updater.exe
[2009/06/04 11:07:06 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Prairie Creek Sp09.doc
[2009/06/04 00:17:04 | 81,603,687 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Olivia_OLovely_AP_4GIFs.com.wmv
[2009/06/03 20:00:41 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent.lnk
[2009/06/03 18:40:45 | 00,055,406 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dawnofwarunsga_v10.zip
[2009/06/03 07:11:36 | 00,088,130 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\245sp09.rtf
[2009/06/02 18:00:56 | 00,031,361 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Scripture.JPG
[2009/06/02 17:54:42 | 00,030,386 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\march(2).htm
[2009/06/02 17:50:23 | 00,030,378 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\march.htm
[2009/06/02 13:36:17 | 02,592,714 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\90.zip
[2009/06/02 13:05:21 | 05,168,812 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoW-2.4.0.8089-to-2.4.1.8125-enUS-patch.zip
[2009/06/01 21:53:15 | 00,045,741 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_09.JPG
[2009/06/01 21:46:32 | 00,040,154 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March.JPG
[2009/06/01 19:08:18 | 00,209,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Usun_Gore.JPG
[2009/06/01 18:33:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/01 18:33:06 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/01 18:33:06 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/01 18:33:00 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/01 18:32:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/01 18:32:55 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/01 18:32:55 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/01 18:26:03 | 65,103,168 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stf_en_85_339a1525.exe
[2009/06/01 18:16:46 | 00,000,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fix.zip
[2009/06/01 17:09:17 | 02,107,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/01 16:30:38 | 03,728,716 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WoWModelViewer_0.6.0.3_Win32_Release(2).zip
[2009/06/01 13:58:33 | 00,245,533 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MGLega.jpg
[2009/06/01 13:39:27 | 00,132,321 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\germanica_family.zip
[2009/06/01 13:39:01 | 01,398,948 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW.psd
[2009/06/01 13:20:56 | 00,183,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\gpw-200702-65-UnitedStatesNavy-041027-N-9500T-001-Moon-reflects-sunrise-sunset-colors-total-lunar-eclipse-20041027-medium.jpg
[2009/06/01 13:00:56 | 21,744,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\fansite_kit.zip
[2009/06/01 12:54:17 | 46,274,979 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WorldofWarcraft_Fansite_Kit_en-US.zip
[2009/06/01 12:37:10 | 00,024,987 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\y171495236141928.jpg
[2009/06/01 10:56:55 | 00,241,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Elune.JPG
[2009/06/01 10:52:50 | 00,262,848 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\March_Marches.JPG
[2009/05/31 23:38:11 | 00,010,996 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bookmarks 2009-05-31.json
[2009/05/31 22:53:55 | 00,008,506 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PSR_Ch5_Jeremiah_Akers.rtf
[2009/05/31 12:46:34 | 00,230,731 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marcayus_Killing.JPG
[2009/05/31 11:52:05 | 00,566,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.zip
[2009/05/31 10:57:57 | 00,124,227 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evilbanner.jpg
[2009/05/31 10:54:15 | 00,208,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Moonfire.JPG
[2009/05/31 09:32:07 | 01,266,190 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Legacies of a Nation Lost.mp3
[2009/05/31 09:21:24 | 03,671,882 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_13.tga
[2009/05/31 08:56:35 | 01,729,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sinvarel_01.mp3
[2009/05/31 06:49:28 | 00,028,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\international-flags.jpg
[2009/05/31 05:11:45 | 00,305,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AonFIRE.aep
[2009/05/30 12:16:45 | 00,029,149 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\abe.gif
[2009/05/30 06:24:54 | 00,014,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.odt
[2009/05/30 06:05:50 | 46,929,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grimoire of Footsteps.zip
[2009/05/30 06:01:45 | 11,301,162 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CaruusWoWReplacementSoundPackage.zip
[2009/05/30 06:00:23 | 18,284,971 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sound Wizardry Grimoire of Whooshes.zip
[2009/05/30 05:44:57 | 00,566,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowmapview-0.6.1-wip(2).zip
[2009/05/30 05:20:29 | 00,073,466 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\crow2.wav
[2009/05/29 22:08:02 | 00,114,877 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\index(2).htm
[2009/05/29 22:08:01 | 00,114,867 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\index.htm
[2009/05/29 17:04:07 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/05/29 14:09:12 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\flare.zip
[2009/05/29 14:06:26 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\combine.zip
[2009/05/28 18:11:44 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/05/28 18:11:44 | 00,000,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/28 15:20:26 | 00,023,024 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2899d1220307072-super-easy-wire-download-wire_svn.zip
[2009/05/27 21:08:38 | 00,001,611 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Team Fortress 2 Dedicated Server.lnk
[2009/05/27 17:37:33 | 00,000,866 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.lnk
[2009/05/27 16:49:30 | 04,258,314 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_12.tga
[2009/05/27 16:08:58 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_11.tga
[2009/05/27 14:09:33 | 00,736,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Billy Mays - Breakin' Your Back.mp3
[2009/05/27 13:31:13 | 00,038,902 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\typical-desktop.jpg
[2009/05/27 13:26:02 | 00,108,644 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tero_China.JPG
[2009/05/27 13:23:40 | 00,244,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Amish corner computer desk 82.jpg
[2009/05/27 13:04:05 | 00,040,122 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\china.jpg
[2009/05/27 12:25:28 | 04,858,131 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - The War of the Shifting Sands.mp3
[2009/05/27 10:49:14 | 00,006,468 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TRAPCODE_PLUG-INS_FOR_AFTER_EFFECTS.4453653.TPB.torrent
[2009/05/27 09:58:17 | 00,018,437 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts for mindblader (hotmail).ctt
[2009/05/27 06:31:10 | 00,000,499 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps.lnk
[2009/05/27 06:26:35 | 00,050,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\npc_control_v2.zip
[2009/05/26 23:19:58 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fraps_2.9.4_Registered_-_TheOneX.4050438.TPB.torrent
[2009/05/26 13:42:41 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/26 12:26:27 | 01,573,447 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\obse_0016.zip
[2009/05/26 12:26:11 | 05,340,989 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Oblivion_v1.2.0416English.exe
[2009/05/26 12:15:31 | 02,925,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\deadlyreflex.zip
[2009/05/24 18:56:21 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sit Spot Sp09(2).doc
[2009/05/24 18:49:15 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Government Report Sp09.doc
[2009/05/24 10:27:09 | 02,363,812 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trial Account Creator Lite 1.1.zip
[2009/05/23 18:46:36 | 00,005,331 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wowniverse.com Secure WebDisk.vbs
[2009/05/23 18:41:10 | 00,178,895 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\flash-mp3-player.10.0.5.zip
[2009/05/23 18:39:12 | 00,007,107 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wp-google-analytics.1.2.3.zip
[2009/05/23 16:32:30 | 00,013,461 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_akers_Exam_2.rtf
[2009/05/23 16:03:14 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/05/23 16:02:06 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/05/23 15:53:48 | 15,525,5392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/05/23 12:02:14 | 03,350,534 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - From Agony, To Ascension, To Zeal (Aphel's Theme).mp3
[2009/05/23 07:41:07 | 00,004,560 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 20:47:22 | 00,003,263 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR5.rtf
[2009/05/22 19:24:16 | 00,011,628 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\viewCourses.htm
[2009/05/22 05:29:53 | 00,048,278 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Akers_J_OHL.rtf
[2009/05/21 22:45:38 | 01,622,796 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL Jeremiah - Leafsong (Reprise).mp3
[2009/05/21 19:48:35 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to JL Jeremiah - The War of the Shifting Sands.mp3.lnk
[2009/05/21 17:29:34 | 00,611,334 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Duke_Nuken_WoW.mp3
[2009/05/21 17:21:47 | 00,331,302 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Announcer_bleeped.mp3
[2009/05/21 17:18:32 | 00,266,518 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WHATAREYOUUu.mp3
[2009/05/21 16:12:52 | 00,026,035 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\lifecraft.zip
[2009/05/21 16:07:50 | 01,351,840 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Intro.wav
[2009/05/21 13:50:33 | 00,240,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.jpg
[2009/05/21 13:36:53 | 02,664,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafieAphelTally.psd
[2009/05/21 12:51:52 | 00,190,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_nocum.jpg
[2009/05/21 12:51:35 | 00,191,337 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Tally_cum.jpg
[2009/05/21 11:56:39 | 00,009,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_PSR4.rtf
[2009/05/20 16:37:53 | 06,569,098 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Limewire_Turbo_v5.5.5.0.rar
[2009/05/20 14:15:38 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2009/05/20 14:13:47 | 00,321,288 | ---- | M] (Zango, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\eMuleSetup.exe
[2009/05/20 13:06:07 | 00,913,188 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Po-kay-man.png
[2009/05/20 12:54:36 | 05,131,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWBeef_Radio_01.mp3
[2009/05/20 12:08:22 | 01,199,089 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_01.mp3
[2009/05/20 11:24:49 | 00,004,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Ero.rtf
[2009/05/20 06:31:36 | 02,835,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GuitarSetPasisHeavyAndClean.rar
[2009/05/20 06:31:34 | 01,247,804 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ovation_Acoustic_Guitars.sfArk
[2009/05/20 06:29:49 | 00,287,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\nathans_guitar.zip
[2009/05/20 06:28:54 | 00,857,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Acoustic_Guitar_Chords.zip
[2009/05/20 06:26:29 | 01,153,082 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.SF2
[2009/05/20 06:25:55 | 00,871,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AcGuit_Minor_Chords.sfArk
[2009/05/20 06:23:44 | 02,285,022 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trb62.zip
[2009/05/20 06:19:04 | 28,000,690 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.SF2
[2009/05/20 06:18:36 | 14,678,081 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\27mg_Symphony_Hall_Bank.sfArk
[2009/05/20 06:17:50 | 00,521,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sfark_setup.exe
[2009/05/20 06:14:42 | 15,591,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sinfonia36.rar
[2009/05/19 23:01:08 | 01,441,505 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\JL - This is Lolcrusader.mp3
[2009/05/19 21:03:46 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Collab.lnk
[2009/05/19 21:03:45 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FL Studio 8.lnk
[2009/05/19 20:45:07 | 10,234,7574 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA(2).zip
[2009/05/19 19:42:18 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip
[2009/05/19 19:20:15 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Shortcut to AphelHood.jpg.lnk
[2009/05/19 19:20:07 | 00,108,194 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelHood.jpg
[2009/05/19 16:05:04 | 48,495,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Download-blog.Com%20-%20FL.Studio.XXL.v8.0.2-DOA.zip.part
[2009/05/19 14:35:05 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 14:25:35 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe
[2009/05/18 16:41:46 | 00,009,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jeremiah_Akers_PR4.rtf
[2009/05/17 09:08:26 | 00,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090522-190411.backup
[2009/05/16 18:40:09 | 08,113,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.psd
[2009/05/16 18:39:25 | 00,298,934 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_Wiki.jpg
[2009/05/16 18:38:58 | 00,460,750 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongAphelFinal.jpg
[2009/05/16 18:19:10 | 00,359,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel_Wiki.jpg
[2009/05/16 18:08:58 | 00,018,432 | -HS- | M] () -- C:\Thumbs.db
[2009/05/16 18:08:44 | 00,403,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Leafsong_Aphel.jpg
[2009/05/16 18:04:09 | 00,392,865 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelRealRobe.jpg
[2009/05/16 18:03:12 | 00,403,789 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\LeafsongandAphel.jpg
[2009/05/16 17:27:02 | 00,921,654 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Land and Water.bmp
[2009/05/16 15:57:00 | 00,024,545 | ---- | M] () -- C:\url.htm
[2009/05/16 15:19:36 | 00,152,102 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_post_1.jpg
[2009/05/15 22:26:01 | 00,323,921 | ---- | M] () -- C:\Leafsongandaphel.jpg
[2009/05/14 18:50:04 | 00,034,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\File Evilbanner.jpg
[2009/05/14 13:48:56 | 00,076,964 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphel_intro.png
[2009/05/14 13:47:12 | 00,098,995 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Notodo.png
[2009/05/14 13:46:09 | 00,093,879 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Evil_Todo.png
[2009/05/14 13:45:10 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_10.tga
[2009/05/14 12:51:24 | 00,183,610 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrupter_Banner.jpg
[2009/05/14 12:43:44 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jad.tga
[2009/05/14 12:37:43 | 00,167,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\DominatorBanner.jpg
[2009/05/14 12:34:10 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_8.tga
[2009/05/14 12:33:46 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Aphelhandup.tga
[2009/05/14 12:30:58 | 00,181,332 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\NightElfEvil.jpg
[2009/05/14 12:27:57 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_6.tga
[2009/05/14 12:24:13 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_5.tga
[2009/05/14 12:20:44 | 01,798,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Powwow Sp09.doc
[2009/05/14 12:13:41 | 00,166,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Study Guide Q1 Sp09.doc
[2009/05/14 11:54:35 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AphelDictator.tga
[2009/05/14 11:31:23 | 03,405,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_4.tga
[2009/05/14 11:25:19 | 02,818,890 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\screenshot_3.tga
[2009/05/14 10:26:52 | 00,463,641 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_the_ad_police_v1.0.18.zip
[2009/05/14 10:16:19 | 00,064,931 | ---- | M] () -- C:\2257822111_b7a44baed1.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#4 Buckeye_Sam


Posted 13 June 2009 - 11:03 AM

You posted the OTL log twice, but I still need to see the Gmer log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 J.L. Jeremiah


Posted 13 June 2009 - 01:25 PM

Doing the scan right now.

#6 J.L. Jeremiah


Posted 13 June 2009 - 02:01 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-13 11:59:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spmo.sys ZwCreateKey [0xB9EA70E0]
SSDT spmo.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spmo.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT spmo.sys ZwOpenKey [0xB9EA70C0]
SSDT spmo.sys ZwQueryKey [0xB9EC610A]
SSDT spmo.sys ZwQueryValueKey [0xB9EC5F8A]
SSDT spmo.sys ZwSetValueKey [0xB9EC619C]

INT 0x73 ? 8A0DFBF8
INT 0x82 ? 8A0DFBF8
INT 0xA4 ? 89BB6BF8
INT 0xA4 ? 89BB6BF8
INT 0xA4 ? 89BB6BF8
INT 0xA4 ? 89BB6BF8

Code 89D06500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spmo.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B942162C 5 Bytes JMP 89BB61D8
.text aue6h5g6.SYS A7646386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aue6h5g6.SYS A76463AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aue6h5g6.SYS A76463C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aue6h5g6.SYS A76463C9 1 Byte [30]
.text aue6h5g6.SYS A76463C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[3148] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[3156] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[3164] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spmo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spmo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spmo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spmo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spmo.sys
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aue6h5g6.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 3CE90043
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D02EE8
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3ADE856
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8A9E8
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021EF5E8
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] FDE8F075
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CE
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] A7E8C68B
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 90E95ECE
IAT C:\WINDOWS\System32\svchost.exe[3148] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A06D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \FileSystem\Fastfat \FatCdrom 89ABC1F8
Device \FileSystem\Udfs \UdfsCdRom 899CC500
Device \FileSystem\Udfs \UdfsDisk 899CC500
Device \Driver\NDIS \Device\Ndis [89CE0982] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\usbohci \Device\USBPDO-0 89BB51F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A0E01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A0E01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A0E01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A0E01F8
Device \Driver\usbohci \Device\USBPDO-1 89BB51F8
Device \Driver\usbehci \Device\USBPDO-2 89B971F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A0701F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A0701F8
Device \Driver\Cdrom \Device\CdRom0 89B7C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A0DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 8A0DF1F8
Device \Driver\Cdrom \Device\CdRom1 89B7C1F8
Device \Driver\Cdrom \Device\CdRom2 89B7C1F8
Device \Driver\usbstor \Device\00000083 89ABE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8995A500
Device \Driver\usbstor \Device\00000084 89ABE1F8
Device \Driver\NetBT \Device\NetbiosSmb 8995A500
Device \Driver\usbstor \Device\00000085 89ABE1F8
Device \Driver\sptd \Device\3449503892 spmo.sys
Device \Driver\PCI_PNP3688 \Device\00000093 spmo.sys
Device \Driver\usbstor \Device\00000086 89ABE1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BB872FF5-7D9A-42EA-958A-8F64A341566A} 8995A500

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 89BB51F8
Device \Driver\usbohci \Device\USBFDO-1 89BB51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AAC480
Device \Driver\usbehci \Device\USBFDO-2 89B971F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AAC480
Device \Driver\Ftdisk \Device\FtControl 8A0701F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E4898436-7DF6-4914-A21B-938CB4AD171E} 8995A500
Device \Driver\usbstor \Device\0000007f 89ABE1F8
Device \Driver\aue6h5g6 \Device\Scsi\aue6h5g61Port4Path0Target0Lun0 88DDC1F8
Device \Driver\aue6h5g6 \Device\Scsi\aue6h5g61 88DDC1F8
Device \FileSystem\Fastfat \Fat 89ABC1F8

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 88B6C1F8
Device \FileSystem\Cdfs \Cdfs A739ABCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@hdf12 0xD8 0x30 0xBC 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001@hdf12 0xC8 0x11 0xCD 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001\gdq0@hdf12 0x02 0x5C 0xFE 0x31 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec@hdf12 0xD8 0x30 0xBC 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001@hdf12 0xC8 0x11 0xCD 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\cfg\14919ea49a8f3b4aa3cf1058d9a64cec\00000001\gdq0@hdf12 0x02 0x5C 0xFE 0x31 ...

#7 J.L. Jeremiah

Posted 13 June 2009 - 02:04 PM

I also forgot to note that Windows updater ceases to work, and I've tried to fix it after reading multiple guides, but it tells me that "access is denied" whenever I try to change its startup to automatic, or its mode to 'on'.

#8 Buckeye_Sam

    Malware Expert

Posted 13 June 2009 - 07:47 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\yufizifa.dll) - C:\WINDOWS\system32\yufizifa.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\) - c:\windows\system32 [2009/06/12 06:11:00 | 00,000,000 | ---D | M]
    O20 - AppInit_DLLs: (c:\windows\system32\busogeto.dll) - c:\windows\system32\busogeto.dll File not found
    
    :Files
    C:\WINDOWS\System32\watusero.dll
    C:\WINDOWS\System32\gehufidu.dll
    C:\WINDOWS\System32\nahibozo.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 J.L. Jeremiah


Posted 15 June 2009 - 09:05 PM

Error: Unable to interpret <CODE> in the current context!
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\yufizifa.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\ deleted successfully.
File c:\windows\system32 [2009/06/12 06:11:00 | 00,000,000 | ---D | M] not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\busogeto.dll deleted successfully.
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\System32\watusero.dll
C:\WINDOWS\System32\watusero.dll NOT unregistered.
C:\WINDOWS\System32\watusero.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\gehufidu.dll
C:\WINDOWS\System32\gehufidu.dll NOT unregistered.
C:\WINDOWS\System32\gehufidu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\nahibozo.dll
C:\WINDOWS\System32\nahibozo.dll NOT unregistered.
C:\WINDOWS\System32\nahibozo.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svjob.tmp\svjpl.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svjob.tmp\svk2h.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\etilqs_s1UUxFqSp2WEIB9h91Kb scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fla179.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1BC9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFAEF5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFD7BE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\unp122882084.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\unp199266400.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_168.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 06152009_185230

Files moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svjob.tmp\svjpl.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\svjob.tmp\svk2h.tmp moved successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\etilqs_s1UUxFqSp2WEIB9h91Kb not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fla179.tmp not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1BC9.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFAEF5.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFD7BE.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\unp122882084.tmp not found!
File C:\WINDOWS\temp\_avast4_\unp199266400.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_168.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found!

Registry entries deleted on Reboot...


I'll do the Malware Bytes in an hour.

#10 J.L. Jeremiah


Posted 16 June 2009 - 08:29 AM

Malwarebytes' Anti-Malware 1.37
Database version: 2286
Windows 5.1.2600 Service Pack 2

6/16/2009 6:21:41 AM
mbam-log-2009-06-16 (06-21-37).txt

Scan type: Quick Scan
Objects scanned: 95564
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appilnt_dlls (Spyware.Agent.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\796525 (Trojan.BHO) -> No action taken.

Files Infected:
C:\WINDOWS\system32\fairy.an (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\dolman.zt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ashl.nq (Malware.Trace) -> No action taken.
C:\WINDOWS\mqcd.dbt (Malware.Trace) -> No action taken.


Windows Update appears to be working again

#11 Buckeye_Sam

    Malware Expert



Posted 16 June 2009 - 09:43 AM

Your malwarebytes log shows "no action taken" for all the infected items. I just want to be certain that you did have malwarebytes remove all of those.

How is your computer behaving now?


========================================================
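
The check made in the reply above (every detection in the MBAM log reads "No action taken") can be done mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: it parses the log layout shown in post #10, lists entries with no recorded remediation, and compares the summary counts with the items actually listed. The function names and the final sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Item lines excerpted from the MBAM log posted in this thread, with the counts
# adjusted to the excerpt; the last line is constructed (a remediated entry).
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\fairy.an (Malware.Trace) -> No action taken.
C:\WINDOWS\example\constructed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (declared counts, {section: [(path, threat, action), ...]})."""
    declared, items, section = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        head, item = HEADER.match(line), ITEM.match(line)
        if head and head.group("count") is not None:
            declared[head.group("section")] = int(head.group("count"))
        elif head:
            section = head.group("section")  # "X Infected:" opens a detail block
        elif item and section:
            # The action is the last "->" field; data items carry Bad/Good before it.
            action = item.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            items[section].append((item.group("path"), item.group("threat"), action))
    return declared, dict(items)

def unremediated(items):
    """Entries whose recorded action is 'No action taken'."""
    return [(sec, path, threat) for sec, rows in items.items()
            for path, threat, action in rows if action.lower() == "no action taken"]

def count_mismatches(declared, items):
    """Sections where the summary count differs from the number of listed items."""
    return {sec: (n, len(items.get(sec, []))) for sec, n in declared.items()
            if n != len(items.get(sec, []))}
```

A non-empty result from `unremediated` means the log alone does not show that removal happened, so the result should be confirmed with a fresh scan or with the user, as the helper does here.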

#12 J.L. Jeremiah


Posted 16 June 2009 - 09:57 AM

I did check all, and click 'remove'.

And since the windows security center is showing up, I believe there is some improvement.

Not sure if the updates work yet or not, I'll keep you updated.

#13 Buckeye_Sam

    Malware Expert



Posted 17 June 2009 - 08:45 AM

Ok, I'll wait to hear back from you then post some final steps.


========================================================

#14 J.L. Jeremiah


Posted 17 June 2009 - 12:20 PM

Alright, Windows Updates still don't work.

I followed a short online guide on how to re-enable them, and I ran the services.mse process, double clicked on 'Automatic Update', and attempted to set it to begin automatically, but it said "Access Denied".

Hmm

On another note, my internet applications have stopped disconnecting.

So that's some progress :thumbup2:

#15 Buckeye_Sam

    Malware Expert



Posted 18 June 2009 - 09:18 AM

Download Dial-a-Fix from here.
http://wiki.lunarsoft.net/wiki/Dial-a-fix#...2C_and_articles

Run the tool and check "Fix Windows Update"
This will also check some other boxes, that's ok.
Click Go.

Reboot and check it.


========================================================



