
Help Is My Computer Infected?


13 replies to this topic

#1 anetrev


Posted 28 December 2007 - 05:28 PM

My computer freezes up all the time, especially when my AVG virus scanner is not scanning the computer files. A long time ago it stated something about the System 32 or system files???

Please help me!!!!!!! :thumbsup:

Edited by anetrev, 28 December 2007 - 05:30 PM.

Thank you so much for caring! "Small things determine major decisions"



#2 boopme

  • Global Moderator

Posted 28 December 2007 - 10:19 PM

Hello, try to run the scan from Safe Mode... How to start Windows in Safe Mode
If you still can't get to Safe Mode then at least run the SUPER scan in normal mode.

Now download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode:
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply. Click Close to exit the program.
Reboot PC to Normal.

Please ask any needed questions and Let us know how it went.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 anetrev


Posted 10 March 2008 - 09:31 PM

BOOPME, I am so sorry that it took me so long to respond........ But here's the information you requested, if you can still help me????


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/30/2007 at 11:59 PM

Application Version : 3.9.1008

Core Rules Database Version : 3370
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 01:32:30

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 6261
Registry threats detected : 0
File items scanned : 47852
File threats detected : 33

Adware.Tracking Cookie



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/09/2008 at 10:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 14184:32322:65535

Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 6936
Registry threats detected : 0
File items scanned : 24164
File threats detected : 31

Adware.Tracking Cookie

#4 boopme

  • Global Moderator

Posted 10 March 2008 - 10:15 PM

Hi, welcome back and sure we'll help. Seems that there were only fairly harmless cookies. Is the PC still shutting down or freezing?
What is the Operating System (XP,2000 etc...)?

especially when my AVG virus scanner is not scanning

Was that correct? ( The NOT scanning part?)

Also please read this topic Slow Computer?, Use this troubleshooting checklist

What are your symptoms? It may not be malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
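The check behind the reply above (that both scan logs list only tracking cookies) can be automated. This is an added example, not part of the original thread and not SUPERAntiSpyware's own tooling: it assumes the log layout seen in the posts above, uses a constructed sample log with made-up paths, and assumes registry detections would start with an `HK` hive prefix.

```python
import re

# Constructed sample in the layout of the scan logs posted in this thread.
# The user name, cookie names and counts are made up for illustration.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2008 at 10:00 PM

Scan type : Complete Scan

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 6000
Registry threats detected : 0
File items scanned : 40000
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@example-ads[1].txt
C:\Documents and Settings\User\Cookies\user@example-tracker[2].txt
C:\Documents and Settings\User\Cookies\user@example-metrics[1].txt
"""

# "Memory/Registry/File threats detected : N" summary lines.
COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
# A detected item: a drive path, or (assumption) a registry key starting with HK...
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]*\\)")
# Assumption: tracking cookies are the only category treated as low risk here.
LOW_RISK = {"Adware.Tracking Cookie"}


def parse_scan_log(text):
    """Return (counters, detections) from a pasted scan log.

    counters   -> {"memory": n, "registry": n, "file": n}
    detections -> {category name: [item, ...]} in order of appearance
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    counters, detections, category = {}, {}, None
    for i, line in enumerate(lines):
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
            continue
        if ITEM_RE.match(line):
            if category is not None:
                detections[category].append(line)
            continue
        # A category heading is a non-item line directly followed by an item;
        # this keeps header lines such as "Generated ..." out of the results.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ITEM_RE.match(nxt):
            category = line
            detections.setdefault(category, [])
    return counters, detections


def triage(text):
    """Summarise a scan log for a helper reading a forum paste."""
    counters, detections = parse_scan_log(text)
    listed = sum(len(items) for items in detections.values())
    reported = sum(counters.values())
    return {
        "reported": reported,            # total from the summary counters
        "listed": listed,                # items actually present in the paste
        "complete": listed == reported,  # False if the paste lost or gained lines
        "needs_review": [c for c in detections if c not in LOW_RISK],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `complete` value of `False` means the pasted item list does not match the summary counters, so the log should be re-posted before anyone concludes it holds only cookies.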

#5 anetrev


Posted 10 March 2008 - 11:39 PM

Yes it is, the OS is Platform: Windows XP SP2 (WinNT 5.01.2600)

It restarts by itself, the system freezes up and I have to restart it, my CD/DVD drives were MIA for a week, until I got them back; now I'm getting the I/O device error. I used to have 1GB of memory, now it reads 723,000 or something; I know that nearly 300,000 bytes are missing. My AOL icon disappears when I try to click on it. SUPERSpyware finds too many spyware cookies when I surf the web. I can't even run the scan disk program because it freezes up in the middle of the scan!!!! I used to get the message NTLDR missing a while back. A couple of months ago AVG found two trojan horses on my computer: Dropper.Agent.GCI & PSW.Ldpinch.SDK ????????????? Please tell me what I need to do to get my old computer back before I lose my mind!

#6 quietman7

  • Global Moderator

Posted 11 March 2008 - 01:30 PM

The symptoms you describe could be malware related or they could be due to hardware or overheating problems caused by a failed processor fan, bad memory (RAM), failing power supply, underpowered power supply, CPU overheating, motherboard, video card, faulty drivers, BIOS and firmware problems, dirty hardware, etc. If the computer is overheating, it usually begins to restart on a more regular basis.

However, some rootkits can also trigger BSODs, shutdowns and error messages so download and scan with AVG Anti-Rootkit, Sophos Anti-rootkit or Panda AntiRootkit.zip.

Then print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

If you're not finding any malware then it sounds like the latter problem.

In Windows XP, the default setting is for the computer to reboot automatically when a fatal error or crash occurs. You should be able to see the error by looking in the Event Log. Read "How To Use the Event Viewer Applet". You can then gather more information doing a search of the Event ID number at:
"EventID.Net"
"MonitorWare EventID Database"
"Top 50 Viewed Events"
"Windows Security Log Events".
"Events and Errors Message Center".

An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message when it happens - this is also known as the Blue Screen Of Death (BSOD).

To change the recovery settings and Disable Automatic Rebooting, go to Start > Run and type: sysdm.cpl
Click Ok or just press WINKEY + Pause/Break keys to bring up System Properties.
  • Go to the Advanced tab and under "Startup and Recovery", click on the "Settings" button and go to "System failure".
  • Make sure "Write an event to the system log" is checked and that "Automatically restart" is UNchecked.
  • Click "OK" and reboot for the changes to take effect.
Doing this won't cure your problem, but instead of crashing and restarting you will get a blue diagnostic screen with an error code and other information that will allow you to better trace your problem. You can use Google to search the error code, use the links below to investigate and troubleshoot, or post the information back here so we can assist you.

"Extract troubleshooting info from Windows XP BSOD error messages".
"How to Find BSOD Error Messages".
"Events and Errors Message Center".
"Windows XP Professional Error Messages".
"Troubleshooting Windows Stop Messages".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 anetrev


Posted 15 March 2008 - 01:32 PM

Here is the information that you requested... I hope that you can help me. Thanks for the previous reply.


System Report
*************

Run on Thu 03/13/2008 at 07:56 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [164]
\??\C:\WINDOWS\system32\csrss.exe [212]
\??\C:\WINDOWS\system32\winlogon.exe [236]
C:\WINDOWS\system32\services.exe [280]
C:\WINDOWS\system32\lsass.exe [292]
C:\WINDOWS\system32\svchost.exe [452]
C:\WINDOWS\system32\svchost.exe [496]
C:\WINDOWS\system32\svchost.exe [536]
C:\WINDOWS\Explorer.EXE [780]


Drivers - Running:



Drivers - Stopped:



Services - Running:

CryptSvc
DcomLaunch
dmserver
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt


Services - Stopped:



Files Created/Modified - 60 Days:


Mar 13 2008 7:39:00p 4,019 A.... "C:\WINDOWS\wt\wtupdates\wtupdater\appinfo.dat"
Feb 28 2008 7:13:46p 4,784,248 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13459=13112=13453.mpg"
Feb 28 2008 7:13:46p 4,804,152 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13445=13069=13439.mpg"
Feb 28 2008 7:13:46p 4,768,921 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13465=13465=13465.mpg"
Feb 28 2008 7:13:46p 4,794,615 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13446=13439=13236.mpg"
Mar 6 2008 3:38:48a 4,800,264 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13238=13238=13238.mpg"
Mar 9 2008 11:11:38p 4,793,183 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13240=13240=13240.mpg"
Mar 6 2008 6:12:14a 4,794,905 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13241=13241=13241.mpg"
Feb 28 2008 7:13:46p 4,785,843 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13242=13242=13242.mpg"
Feb 28 2008 7:13:46p 4,738,463 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13457=13286=13452.mpg"
Feb 28 2008 7:13:46p 4,561,738 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13437=13238=13175.mpg"
Feb 28 2008 7:13:46p 4,778,909 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13451=13241=13230.mpg"
Feb 28 2008 7:13:46p 4,794,431 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13439=13439=13439.mpg"
Feb 28 2008 7:13:46p 4,718,959 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13436=13167=13239.mpg"
Feb 28 2008 7:13:46p 3,830,654 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13469=13242=13175.mpg"
Feb 28 2008 7:13:46p 4,786,813 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13452=13452=13452.mpg"
Feb 28 2008 7:13:46p 4,752,955 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13435=13271=13238.mpg"
Feb 28 2008 7:13:46p 4,713,915 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13449=13199=13241.mpg"
Feb 28 2008 7:13:46p 4,789,917 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13450=13240=13112.mpg"
Feb 28 2008 7:13:46p 4,798,918 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13448=13213=13240.mpg"
Feb 28 2008 7:13:46p 4,772,957 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13438=13239=13335.mpg"
Feb 28 2008 7:13:46p 4,789,915 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13427=13424=13061.mpg"
Feb 28 2008 7:13:46p 4,791,055 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13433=13232=13425.mpg"
Feb 28 2008 7:13:46p 4,796,943 A.... "C:\WINDOWS\system32\ElectricSheep\torrent\3337\00202=13453=13453=13453.mpg"
Mar 1 2008 7:16:54p 75,066 A.... "C:\WINDOWS\system32\spool\drivers\w32x86\3\HPbc8f8n.cfg"


C:\Program Files\

Feb 20 2008 12:53:06p 100,203 A.... "C:\Program Files\PLAY_MP3.exe"
Jan 18 2008 2:03:18a 74,901,890 A.... "C:\Program Files\Free Windows Registry Cleaner\HKCR.reg"
Mar 6 2008 9:28:38p 40,792 A.... "C:\Program Files\PlayMP3z\uninstall.exe"
Mar 8 2008 1:27:54a 288,256 A.... "C:\Program Files\PrevxCSI\csicore.dll"
Mar 8 2008 1:27:54a 360,448 A.... "C:\Program Files\PrevxCSI\csiLang.dll"
Mar 8 2008 1:27:54a 44,032 A.... "C:\Program Files\PrevxCSI\csiPart.dll"
Mar 8 2008 1:27:54a 100,352 A.... "C:\Program Files\PrevxCSI\PrevxCSI.exe"
Feb 27 2008 2:52:14a 70,924 A.... "C:\Program Files\Registry Mechanic\unins000.dat"
Feb 27 2008 2:51:52a 706,393 A.... "C:\Program Files\Registry Mechanic\unins000.exe"
Feb 24 2008 11:28:30p 125,624 A.... "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
Feb 24 2008 11:28:48p 68,856 A.... "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Mar 13 2008 4:36:24p 1,015,808 A.... "C:\Program Files\Grisoft\AVG7\avgresf.dll"
Feb 24 2008 11:42:12p 74,580 A.... "C:\Program Files\Grisoft\AVG Anti-Rootkit Free\Uninstall.exe"
Feb 3 2008 3:58:16p 77,872 A.... "C:\Program Files\IncrediMail\bin\Im3dU.dll"
Feb 3 2008 3:58:16p 65,586 A.... "C:\Program Files\IncrediMail\bin\ImAnimU.dll"
Feb 3 2008 4:04:14p 148,912 A.... "C:\Program Files\IncrediMail\bin\ImApp.exe"
Feb 3 2008 3:59:50p 65,594 A.... "C:\Program Files\IncrediMail\bin\ImAppRU.dll"
Feb 3 2008 3:59:28p 53,307 A.... "C:\Program Files\IncrediMail\bin\ImBookRU.dll"
Feb 3 2008 3:58:16p 344,114 A.... "C:\Program Files\IncrediMail\bin\ImBookU.dll"
Feb 3 2008 3:58:16p 73,780 A.... "C:\Program Files\IncrediMail\bin\ImComUtlU.dll"
Feb 3 2008 3:59:30p 397,371 A.... "C:\Program Files\IncrediMail\bin\ImFeatRU.dll"
Feb 3 2008 3:58:16p 847,922 A.... "C:\Program Files\IncrediMail\bin\ImFeatU.dll"
Feb 3 2008 3:58:16p 294,964 A.... "C:\Program Files\IncrediMail\bin\ImFoldrsU.dll"
Feb 3 2008 3:58:16p 401,459 A.... "C:\Program Files\IncrediMail\bin\ImImprtU.dll"
Feb 3 2008 3:59:32p 41,020 A.... "C:\Program Files\IncrediMail\bin\ImImprtRU.dll"
Feb 3 2008 3:58:16p 163,890 A.... "C:\Program Files\IncrediMail\bin\ImJunkU.dll"
Feb 3 2008 3:58:16p 77,874 A.... "C:\Program Files\IncrediMail\bin\ImKeysU.dll"
Feb 3 2008 4:04:14p 275,888 A.... "C:\Program Files\IncrediMail\bin\ImLc.exe"
Feb 3 2008 3:59:44p 245,760 A.... "C:\Program Files\IncrediMail\bin\ImLcRU.dll"
Feb 3 2008 3:58:16p 286,770 A.... "C:\Program Files\IncrediMail\bin\ImLookU.dll"
Feb 3 2008 3:58:16p 139,316 A.... "C:\Program Files\IncrediMail\bin\ImLookExU.dll"
Feb 3 2008 4:04:14p 54,656 A.... "C:\Program Files\IncrediMail\bin\ImLpp.exe"
Feb 3 2008 3:58:16p 561,203 A.... "C:\Program Files\IncrediMail\bin\ImMangrU.dll"
Feb 3 2008 3:59:36p 90,172 A.... "C:\Program Files\IncrediMail\bin\ImMangrRU.dll"
Feb 3 2008 3:58:16p 41,010 A.... "C:\Program Files\IncrediMail\bin\ImMapiU.dll"
Feb 3 2008 4:04:14p 206,256 A.... "C:\Program Files\IncrediMail\bin\ImNotfy.exe"
Feb 3 2008 3:58:16p 102,446 A.... "C:\Program Files\IncrediMail\bin\ImNotfyU.dll"
Feb 3 2008 3:59:38p 69,692 A.... "C:\Program Files\IncrediMail\bin\ImNotfyRU.dll"
Feb 3 2008 3:58:16p 53,300 A.... "C:\Program Files\IncrediMail\bin\ImNtUtilU.dll"
Feb 3 2008 4:04:14p 91,576 A.... "C:\Program Files\IncrediMail\bin\ImPackr.exe"
Feb 3 2008 3:59:46p 61,500 A.... "C:\Program Files\IncrediMail\bin\ImPackrRU.dll"
Feb 3 2008 3:58:16p 303,156 A.... "C:\Program Files\IncrediMail\bin\ImParserU.dll"
Feb 3 2008 4:04:14p 95,672 A.... "C:\Program Files\IncrediMail\bin\ImpCnt.exe"
Feb 3 2008 3:59:48p 36,923 A.... "C:\Program Files\IncrediMail\bin\ImpCntRU.dll"
Feb 3 2008 3:58:16p 225,330 A.... "C:\Program Files\IncrediMail\bin\ImServU.dll"
Feb 3 2008 4:04:14p 374,200 A.... "C:\Program Files\IncrediMail\bin\IMSetup.exe"
Feb 3 2008 3:58:58p 69,632 A.... "C:\Program Files\IncrediMail\bin\ImShExtU.dll"
Feb 3 2008 3:58:16p 413,747 A.... "C:\Program Files\IncrediMail\bin\ImSpoolU.dll"
Feb 3 2008 3:59:40p 270,395 A.... "C:\Program Files\IncrediMail\bin\ImSuppRU.dll"
Feb 3 2008 3:58:16p 675,890 A.... "C:\Program Files\IncrediMail\bin\ImSuppU.dll"
Feb 3 2008 3:58:16p 131,123 A.... "C:\Program Files\IncrediMail\bin\ImToolsU.dll"
Feb 3 2008 3:58:16p 622,643 A.... "C:\Program Files\IncrediMail\bin\ImUtilsU.dll"
Feb 3 2008 3:59:42p 127,035 A.... "C:\Program Files\IncrediMail\bin\ImViewRU.dll"
Feb 3 2008 3:58:16p 901,170 A.... "C:\Program Files\IncrediMail\bin\ImViewU.dll"
Feb 3 2008 3:58:16p 118,835 A.... "C:\Program Files\IncrediMail\bin\ImWrappU.dll"
Feb 3 2008 4:04:14p 214,456 A.... "C:\Program Files\IncrediMail\bin\IncMail.exe"
Feb 3 2008 3:59:34p 36,924 A.... "C:\Program Files\IncrediMail\bin\IncMailRU.dll"
Feb 14 2008 3:30:04p 705,920 ..... "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe"
Jan 14 2008 6:01:16p 106,496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll"
Jan 14 2008 6:01:16p 106,496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll"
Jan 14 2008 6:01:16p 106,496 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll"
Jan 14 2008 6:01:16p 106,496 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll"
Jan 23 2008 6:29:18p 1,571 A.... "C:\Program Files\Private Eye Greatest Unsolved Mysteries\Resource\GameSave.dat"
Jan 19 2008 12:17:26p 60,793 A.... "C:\Program Files\Shareaza Applications\Shareaza MediaBar\Uninstall.exe"
Mar 13 2008 4:36:36p 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
Mar 7 2008 8:06:12p 167,657 A.... "C:\Program Files\TGTSoft\StyleXP\IconTranslate-uninstall.exe"
Mar 7 2008 9:45:34p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Feb 10 2008 7:02:06p 14,730 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_2_10 18_2.reg"
Feb 14 2008 2:38:46p 16,835 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_2_14 13_38.reg"
Jan 18 2008 3:28:46p 561 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_18 14_28.reg"
Jan 25 2008 12:57:32a 1,825 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_24 23_57.reg"
Jan 23 2008 2:37:40p 3,871 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_23 13_37.reg"
Jan 19 2008 11:56:44p 5,071 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_19 22_56.reg"
Jan 18 2008 2:07:28a 120,383 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_18 1_6.reg"
Jan 18 2008 2:19:32a 18,612 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_18 1_19.reg"
Jan 18 2008 2:30:48a 65,120 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_18 1_30.reg"
Jan 18 2008 2:09:34p 5,327 A.... "C:\Program Files\3B Software\Windows Registry Repair Pro\backup\Windows Registry Repair Pro_2008_1_18 13_9.reg"
Feb 20 2008 1:26:58p 98,343 A.... "C:\Program Files\Common Files\Real\Codecs\14_43260.dll"
Feb 20 2008 1:26:58p 57,383 A.... "C:\Program Files\Common Files\Real\Codecs\28_83260.dll"
Feb 20 2008 1:26:56p 72,192 A.... "C:\Program Files\Common Files\Real\Codecs\ra32clv1.dll"
Feb 20 2008 1:27:02p 155,648 A.... "C:\Program Files\Common Files\Real\Codecs\ralf.dll"
Feb 20 2008 1:26:58p 352,256 A.... "C:\Program Files\Common Files\Real\Plugins\h261rend.dll"
Feb 24 2008 11:28:34p 138,680 A.... "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Feb 24 2008 11:28:30p 877,056 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\ci.dll"
Feb 24 2008 11:28:30p 125,952 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\cires_en.dll"
Feb 24 2008 11:28:30p 125,624 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\GoogleUpdaterRestartManager.exe"
Feb 24 2008 11:28:30p 125,624 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\GoogleUpdaterSetup.exe"
Feb 24 2008 11:28:30p 666,296 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\GoogleUpdaterInstallMgr.exe"
Feb 24 2008 11:28:30p 187,064 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\GoogleUpdaterAdminPrefs.exe"
Feb 24 2008 11:28:30p 83,968 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll"
Feb 24 2008 11:28:48p 127,472 A.... "C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\gtn.dll"
Feb 24 2008 11:28:46p 654,320 A.... "C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll"
Jan 17 2008 6:16:24p 20,077 A.... "C:\Program Files\ReflexiveArcade\Channels\22870\Channel.dat"
Mar 13 2008 7:24:54p 64 A.... "C:\Program Files\WildTangent\wtupdates\DDCManager\appinfo.dat"
Feb 8 2008 7:00:42p 22,016 A.... "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\pdf2img.dll"
Mar 6 2008 9:48:04p 524,288 A.... "C:\Program Files\Belarc\Advisor\System\Security\HotfixDefs.cax.tmp"
Mar 11 2008 12:48:14a 134,330 A.... "C:\Program Files\Belarc\Advisor\System\tmp\(Dbf).html"
Mar 11 2008 12:48:14a 84,998 A.... "C:\Program Files\Belarc\Advisor\System\tmp\BenchmarkSummary((Dbf)).html"
Feb 24 2008 11:28:30p 5,021 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\eula.htm"
Feb 24 2008 11:28:30p 2,857 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\history.htm"
Feb 24 2008 11:28:30p 7,895 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\installer.htm"
Feb 24 2008 11:28:30p 1,365 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\lm.htm"
Feb 24 2008 11:28:30p 30,555 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\localized_eula.htm"
Feb 24 2008 11:28:30p 5,088 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\maintainer.htm"
Feb 24 2008 11:28:30p 6,735 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\preferences.htm"
Feb 24 2008 11:28:30p 2,470 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\proxy.htm"
Feb 24 2008 11:28:30p 5,084 A.... "C:\Program Files\Google\Google Updater\2.2.1111.1511\HTML\updates.htm"
Feb 20 2008 1:27:02p 155,648 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\ralf.dll"
Feb 20 2008 1:27:00p 65,634 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiolosslesscodec.dll"
Feb 20 2008 1:27:00p 57,443 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\mpeg4audiopacketizer.dll"
Mar 13 2008 7:43:28p 5,438 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\chandir.dat"
Mar 13 2008 7:43:28p 28,864 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\chn.dat"
Mar 13 2008 4:16:54p 4,032 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\prs.dat"
Mar 13 2008 4:16:54p 2,816 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\prs_die.dat"
Mar 13 2008 4:16:54p 3,232 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\prs_dnd.dat"
Mar 13 2008 4:16:54p 3,008 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\prs_ext.dat"
Mar 13 2008 4:16:54p 3,008 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\prs_rcv.dat"
Jan 27 2008 10:14:20p 60 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\shopping.dat"
Mar 13 2008 4:16:54p 6,050 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\storydb.dat"
Feb 11 2008 11:33:44p 951 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\2474\ChnReg.dat"
Feb 11 2008 11:33:44p 609 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\2474\segrules.dat"
Feb 11 2008 11:33:46p 159 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\2474\Stats.tmp"
Jan 18 2008 1:46:44p 963 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\2474\UserProf.dat"
Feb 11 2008 11:33:04p 983 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\482e\ChnReg.dat"
Feb 25 2008 5:49:24p 5,974 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\482e\segrules.dat"
Feb 25 2008 6:59:46p 159 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\482e\Stats.tmp"
Mar 4 2008 12:50:26a 890 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\482e\UserProf.dat"
Feb 11 2008 11:32:14p 952 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\ChnReg.dat"
Feb 11 2008 11:32:16p 6,488 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\segrules.dat"
Feb 11 2008 11:32:24p 159 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\Stats.tmp"
Mar 13 2008 7:25:00p 1,013 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\UserProf.dat"
Feb 11 2008 11:32:14p 957 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\6e51\ChnReg.dat"
Feb 11 2008 11:32:20p 16,438 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\6e51\segrules.dat"
Feb 18 2008 7:39:44p 159 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\6e51\Stats.tmp"
Mar 4 2008 12:50:30a 961 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\6e51\UserProf.dat"
Mar 9 2008 10:15:44p 5,438 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Misc\Backup\chandir.dat"
Jan 20 2008 9:32:16p 26 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\14a6fc77\_bw_info.tmp"
Jan 21 2008 12:26:12a 26 A.... "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Daevid\Data\66\a9a3e30\_bw_info.tmp"


Files with hidden attributes:

Fri 9 Nov 2007 4,320 A..H. --- "C:\Temp\t4.bak"
Fri 9 Nov 2007 3,757 A..H. --- "C:\Temp\t4.bak1"
Fri 10 Nov 2006 46,640 A..H. --- "C:\Program Files\AOL 9.0\AOLphx.exe"
Fri 10 Nov 2006 54,832 A..H. --- "C:\Program Files\AOL 9.0\AOLphxex.exe"
Fri 10 Nov 2006 33,328 A..H. --- "C:\Program Files\AOL 9.0\rbm.exe"
Wed 22 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 8 Jan 2008 89,088 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL0002.tmp"
Thu 24 Jan 2008 108,544 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL1812.tmp"
Thu 24 Jan 2008 105,984 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL3202.tmp"
Thu 29 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0001.tmp"
Thu 29 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0002.tmp"
Mon 12 Nov 2007 39,424 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0003.tmp"
Thu 29 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0004.tmp"
Mon 12 Nov 2007 35,840 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0005.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0006.tmp"
Thu 29 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0007.tmp"
Thu 29 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0008.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0009.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0010.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0083.tmp"
Sun 17 Feb 2008 38,400 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0170.tmp"
Sun 17 Feb 2008 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0370.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0586.tmp"
Sun 17 Feb 2008 30,208 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0700.tmp"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0810.tmp"
Sun 17 Feb 2008 35,328 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1222.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1248.tmp"
Sun 17 Feb 2008 30,720 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1384.tmp"
Mon 12 Nov 2007 1,134,080 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1393.tmp"
Sun 17 Feb 2008 24,576 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1539.tmp"
Sun 17 Feb 2008 31,232 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1558.tmp"
Sun 17 Feb 2008 29,696 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1723.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1779.tmp"
Tue 8 Jan 2008 43,008 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1814.tmp"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1905.tmp"
Sun 17 Feb 2008 29,696 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1913.tmp"
Sun 17 Feb 2008 36,352 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1977.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2200.tmp"
Sun 17 Feb 2008 30,720 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2241.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2245.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2252.tmp"
Thu 29 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2347.tmp"
Sun 17 Feb 2008 28,160 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2880.tmp"
Sun 17 Feb 2008 29,184 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2891.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2946.tmp"
Sun 17 Feb 2008 32,768 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3047.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3083.tmp"
Mon 12 Nov 2007 66,048 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3195.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3229.tmp"
Sun 17 Feb 2008 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3281.tmp"
Fri 21 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3302.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3387.tmp"
Sun 17 Feb 2008 32,768 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3405.tmp"
Fri 21 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3675.tmp"
Sun 17 Feb 2008 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3859.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3935.tmp"
Sun 17 Feb 2008 30,208 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3967.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL4036.tmp"
Sun 17 Feb 2008 36,864 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL4089.tmp"
Wed 22 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv1key.bak"
Sat 22 Dec 2007 20 A..H. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv1lic.bak"
Wed 13 Jul 2005 312 A.SH. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv2key.bak"
Mon 11 Feb 2008 115,712 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0057.tmp"
Mon 11 Feb 2008 113,152 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0165.tmp"
Mon 11 Feb 2008 111,104 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0238.tmp"
Mon 11 Feb 2008 116,224 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0685.tmp"
Mon 11 Feb 2008 113,664 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0704.tmp"
Mon 11 Feb 2008 112,640 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL2302.tmp"
Mon 11 Feb 2008 112,640 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL3872.tmp"
Mon 11 Feb 2008 109,056 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL4031.tmp"
Thu 6 Sep 2007 2,391,944 A..H. --- "C:\WINDOWS\Sdold\Download\40c2135ce9cffcf3bdfeed14e0704266\BIT26.tmp"
Thu 6 Sep 2007 2,562,464 A..H. --- "C:\WINDOWS\Sdold\Download\cb6d6db73a919cea4356201489a54a71\BIT1D.tmp"
Sat 8 Sep 2007 54,807,786 A..H. --- "C:\WINDOWS\Sdold\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2C.tmp"
Tue 11 Mar 2008 12,046,821 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5307dd2c105b525b855331f4a4e982f5\BIT2A1.tmp"
Sat 9 Feb 2008 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5de8a2d2234f0d548a5c0d05d076e6d9\BIT208.tmp"
Wed 20 Feb 2008 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5de8a2d2234f0d548a5c0d05d076e6d9\BIT258.tmp"
Thu 13 Dec 2007 2,166,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61e8df80e280c83110d78864c8db1a90\BIT868.tmp"
Thu 13 Dec 2007 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf0471ca1f3f12affe6c8fea1ffc6ddb\BIT15C.tmp"
Mon 8 Oct 2007 4,078,592 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT246.tmp"
Wed 5 Mar 2008 23,454,528 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT24B.tmp"
Mon 8 Oct 2007 4,078,592 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT26F.tmp"
Fri 21 Dec 2007 165,232 A..H. --- "C:\Documents and Settings\Daevid\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0f66ac0b7ccd71faf6da904f29228240\download\BIT7B.tmp"
Thu 6 Sep 2007 69,802 A..H. --- "C:\WINDOWS\Sdold\Download\10f6872bbc91a277e1a9f6fed17525ba\download\BIT67.tmp"
Thu 6 Sep 2007 371,494 A..H. --- "C:\WINDOWS\Sdold\Download\218766960d1465c026412385b0d1d978\download\BIT3.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\286d3f4fe26a9c6ab877183f2e37aa91\download\BIT78.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\299962a31e45d27ead63e99f90e24465\download\BIT69.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\2dde58e204c4be402ccbbcd0b600650e\download\BIT6A.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\5253da9aa0f5d8d6386ba525e94a3d8b\download\BIT6E.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\70a4fbe7217488f673cf5d20367dabc9\download\BIT7D.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\711d4ccc77d9a786c03f7dc2d759053c\download\BIT68.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\71c884b3a348fe876677e718ab666a66\download\BIT76.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\785bc23a82784977fa64552e9bb4a6ab\download\BIT6F.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\8e4e6757368f676a94d0a147edb31832\download\BITC.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\97a9b4183ee83502797f62c2c0b429cf\download\BIT7A.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\a0d45ac61d8a7a5b7faa78852c46bf15\download\BIT4.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\ac3f490121f580bfb62d9d495aa2b215\download\BIT77.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\ad2c2d9dcaaf3288c7042746e49c8114\download\BIT8.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\b5330da089196b346d1ee0676e21afcc\download\BIT79.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\c810b29b22044bd72df654fd63ee0af2\download\BIT3.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\e2306f0216dfc9822a8553f09db95f71\download\BIT7C.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\e995acae9f2591ac009a4ad305efa874\download\BIT6D.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\fae81cc29bef49249f2d64f8fb9c8b1d\download\BIT6B.tmp"
Thu 13 Dec 2007 1,088,332 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT870.tmp"


Catchme:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 19:47:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Program Folders:

C:\Program Files\

3B Software
Adobe
Adobe Type Manager
Ahead
AOL
AOL 9.0
Belarc
Business Card Workshop
CCleaner
C-Media
Common Files
Complete Business Basics
Cosmi
DivX
DVDMagic
Encore Software
Error Repair Professional
EZFace
Form Workshop 500
Free Windows Registry Cleaner
FunWebProducts
Google
Grisoft
Hewlett-Packard
HP
ImageServer
IncrediMail
InstallShield Installation Information
Internet Explorer
ISP50
ISPBAK
Java
Learn2.com
Logitech
Maxis
Messenger
Microsoft ActiveSync
microsoft frontpage
Microsoft Office
Microsoft Reference
Microsoft SQL Server Compact Edition
Microsoft Virtual PC
Microsoft Visual Studio
Microsoft Windows OneCare Live
Movie Maker
Mozilla Firefox
Mp3 My Mp3 2.0
MSN
MSN Gaming Zone
MSXML 6.0
MUSICMATCH
MySpace
MyWebSearch
NetMeeting
Norton Security Scan
Online Services
Outlook Express
PCFriendly
PhotoDeluxe HE 3.0
PlayMP3z
PrevxCSI
Print Workshop 2004 LE
Private Eye Greatest Unsolved Mysteries
ProInvoices
Pure Networks
QuickTime
Real
ReflexiveArcade
Registry Mechanic
Shareaza Applications
Softwin
Stellarium
SUPERAntiSpyware
Symantec
TGTSoft
Trend Micro
Ubisoft
Uninstall Information
Viewpoint
WB01d1se
WildTangent
Windows Live
Windows Live Favorites
Windows Live Toolbar
Windows Media Player
Windows NT
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
Ahead
AOL
aolback
aolshare
Cosmi
Designer
HP
InstallShield
Java
L&H
Logitech
Microsoft Shared
MSSoap
Nullsoft
ODBC
Real
Scanner
Services
Softwin
SpeechEngines
SWF Studio
Symantec Shared
System
WindowsLiveInstaller
Wise Installation Wizard
xing shared


Add/Remove Programs:

Adobe Flash Player ActiveX
Adobe Shockwave Player
Adobe Type Manager 4.0
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
ATI Display Driver
AVG 7.5
AVG Anti-Rootkit Free
Belarc Advisor 7.2
C-Media WDM Audio Driver
CCleaner (remove only)
Complete Business Basics
DivX Codec
DVDMagic
ElectricSheep 2.6.7b3
Uninstall Broadxent DSI Modem
Family Tree Maker
GAMES Interactive 2
Google Updater
HijackThis 2.0.2
HP Imaging Device Functions 7.0
HP Solution Center 7.0
HP Customer Participation Program 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
IncrediMail Xe
Business Card Workshop
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Lame ACM MP3 Codec
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Logitech Resource Center
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
MSN
MySpaceIM
My Web Search (Zwinky)
Nero Suite
Microsoft National Language Support Downlevel APIs
PCFriendly
Prevx CSI
PlayMP3z
ProInvoices Ver 1.0.0
QuickTime
RealPlayer
Registry Mechanic 7.0
Smart Games Word Puzzles 1 v1.0
Shareaza MediaBar
Shareaza 2.3.1.0
Stellarium 0.9.0
Learn2 Player (Uninstall Only)
Viewpoint Media Player
VIA Rhine-Family Fast Ethernet Adapter
WildTangent Updater
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
WildTangent Channel Manager
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
World Book 2001
WildTangent Web Driver
Yahoo! Toolbar
Yahoo! Search Protection
Yahoo! Toolbar
Yahoo! Install Manager
Logitech iTouch Software
MSXML 6.0 Parser (KB933579)
The Sims Deluxe Edition
Windows Live Mail
hph_readme
HPPhotoSmartExpress
Windows Live Photo Gallery
Rhapsody Player Engine
Java™ 6 Update 3
Windows Live Toolbar Extension (Windows Live Toolbar)
hph_software
BufferChm
Norton Security Scan
Adobe® Photoshop® Album Starter Edition 3.0
HPProductAssistant
Windows Live Messenger
Virtual Warfare
Pig Pen
Business Card Workshop
Windows Genuine Advantage v1.3.0254.0
WebReg
eSupportQFolder
Toolbox
EZface ActiveX 210
HP Photosmart Essential
Cosmi File Shredder
CustomerResearchQFolder
Map Button (Windows Live Toolbar)
Windows Live Favorites for Windows Live Toolbar
Form Workshop 500
Status
MyDSC2
Microsoft Virtual PC 2007
Unload
Logitech Desktop Messenger
Microsoft Office XP Professional with FrontPage
Windows Live Writer
Blasterball 2
Print Workshop 2004 LE
Gem Master 2
Highlight Viewer (Windows Live Toolbar)
Windows Live installer
DeviceManagementQFolder
Adobe Reader 7.0.9
Adobe Reader 7.0.5 Language Support
hph_ProductContext
Windows Live Sign-in Assistant
hph_software_req
HP Software Update
D1300_Help
D1300
SolutionCenter
Blasterball Wild
Microsoft .NET Framework 1.1
SUPERAntiSpyware Free Edition
HP Photosmart and Deskjet 7.0 Software
Windows Live Toolbar
TrayApp
PC Attorney
MarketResearch
GEAR 32bit Driver Installer
GTOneCare
Smart Menus (Windows Live Toolbar)
Microsoft SQL Server 2005 Compact Edition [ENU]


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EssSpkPhone"="essspk.exe"
"AtiPTA"="atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Bart Station"="C:\\Program Files\\ISP50\\BIN\\PPCOLink -STATION"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1199395493\\ee\\AOLSoftware.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DDCActiveMenu"="\"C:\\Program Files\\WildTangent\\DDC\\ActiveMenu\\DDCActiveMenu.exe\" -boot"
"RegistryMechanic"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"AOL Fast Start"="\"C:\\Program Files\\AOL 9.0\\AOL.EXE\" -b"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

#8 quietman7


Posted 15 March 2008 - 10:41 PM

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Instructions with screenshots if needed.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 anetrev


Posted 18 March 2008 - 09:43 PM

Here's the right information>>>

SDFix: Version 1.156

Run by Daevid on Fri 03/20/2009 at 09:37 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\WGAPLU~1.EXE - Deleted
C:\Documents and Settings\Daevid\Local Settings\Temp\tem2B4.tmp.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 21:46:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Common Files\\Cosmi\\AutoUpdate\\AutoUpdate.exe"="C:\\Program Files\\Common Files\\Cosmi\\AutoUpdate\\AutoUpdate.exe:*:Enabled:Cosmi AutoUpdate"
"C:\\Program Files\\Network Associates\\VirusScan\\mcconsol.exe"="C:\\Program Files\\Network Associates\\VirusScan\\mcconsol.exe:*:Enabled:VirusScan Console"
"C:\\Program Files\\AOL\\RC\\regclient.exe"="C:\\Program Files\\AOL\\RC\\regclient.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Ahead\\Nero\\nero.exe"="C:\\Program Files\\Ahead\\Nero\\nero.exe:*:Enabled:Nero Burning ROM"
"C:\\Documents and Settings\\Daevid\\Local Settings\\Temporary Internet Files\\Content.IE5\\WBD7P2BD\\incredimail_install[1].exe"="C:\\Documents and Settings\\Daevid\\Local Settings\\Temporary Internet Files\\Content.IE5\\WBD7P2BD\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\CreativesFiles\\Shareaza.exe"="C:\\CreativesFiles\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"="C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 9 Nov 2007 4,320 A..H. --- "C:\Temp\t4.bak"
Fri 9 Nov 2007 3,757 A..H. --- "C:\Temp\t4.bak1"
Fri 10 Nov 2006 46,640 A..H. --- "C:\Program Files\AOL 9.0\AOLphx.exe"
Fri 10 Nov 2006 54,832 A..H. --- "C:\Program Files\AOL 9.0\AOLphxex.exe"
Fri 10 Nov 2006 33,328 A..H. --- "C:\Program Files\AOL 9.0\rbm.exe"
Wed 22 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 8 Jan 2008 89,088 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL0002.tmp"
Thu 24 Jan 2008 108,544 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL1812.tmp"
Thu 24 Jan 2008 105,984 ...H. --- "C:\Documents and Settings\Daevid\Desktop\~WRL3202.tmp"
Thu 29 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0001.tmp"
Thu 29 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0002.tmp"
Mon 12 Nov 2007 39,424 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0003.tmp"
Thu 29 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0004.tmp"
Mon 12 Nov 2007 35,840 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0005.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0006.tmp"
Thu 29 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0007.tmp"
Thu 29 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0008.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0009.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0010.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0083.tmp"
Sun 17 Feb 2008 38,400 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0170.tmp"
Sun 17 Feb 2008 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0370.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0586.tmp"
Sun 17 Feb 2008 30,208 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0700.tmp"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL0810.tmp"
Sun 17 Feb 2008 35,328 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1222.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1248.tmp"
Sun 17 Feb 2008 30,720 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1384.tmp"
Mon 12 Nov 2007 1,134,080 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1393.tmp"
Sun 17 Feb 2008 24,576 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1539.tmp"
Sun 17 Feb 2008 31,232 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1558.tmp"
Sun 17 Feb 2008 29,696 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1723.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1779.tmp"
Tue 8 Jan 2008 43,008 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1814.tmp"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1905.tmp"
Sun 17 Feb 2008 29,696 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1913.tmp"
Sun 17 Feb 2008 36,352 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL1977.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2200.tmp"
Sun 17 Feb 2008 30,720 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2241.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2245.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2252.tmp"
Thu 29 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2347.tmp"
Sun 17 Feb 2008 28,160 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2880.tmp"
Sun 17 Feb 2008 29,184 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2891.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL2946.tmp"
Sun 17 Feb 2008 32,768 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3047.tmp"
Thu 29 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3083.tmp"
Mon 12 Nov 2007 66,048 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3195.tmp"
Sun 17 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3229.tmp"
Sun 17 Feb 2008 27,648 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3281.tmp"
Fri 21 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3302.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3387.tmp"
Sun 17 Feb 2008 32,768 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3405.tmp"
Fri 21 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3675.tmp"
Sun 17 Feb 2008 26,112 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3859.tmp"
Thu 29 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3935.tmp"
Sun 17 Feb 2008 30,208 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL3967.tmp"
Thu 29 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL4036.tmp"
Sun 17 Feb 2008 36,864 ...H. --- "C:\Documents and Settings\Daevid\My Documents\~WRL4089.tmp"
Wed 22 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv1key.bak"
Sat 22 Dec 2007 20 A..H. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv1lic.bak"
Wed 13 Jul 2005 312 A.SH. --- "C:\Documents and Settings\All Users\My Music\License Backup\drmv2key.bak"
Mon 11 Feb 2008 115,712 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0057.tmp"
Mon 11 Feb 2008 113,152 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0165.tmp"
Mon 11 Feb 2008 111,104 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0238.tmp"
Mon 11 Feb 2008 116,224 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0685.tmp"
Mon 11 Feb 2008 113,664 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL0704.tmp"
Mon 11 Feb 2008 112,640 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL2302.tmp"
Mon 11 Feb 2008 112,640 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL3872.tmp"
Mon 11 Feb 2008 109,056 ...H. --- "C:\Documents and Settings\Daevid\My Documents\SCHOOL STUFF\~WRL4031.tmp"
Thu 6 Sep 2007 2,391,944 A..H. --- "C:\WINDOWS\Sdold\Download\40c2135ce9cffcf3bdfeed14e0704266\BIT26.tmp"
Thu 6 Sep 2007 2,562,464 A..H. --- "C:\WINDOWS\Sdold\Download\cb6d6db73a919cea4356201489a54a71\BIT1D.tmp"
Sat 8 Sep 2007 54,807,786 A..H. --- "C:\WINDOWS\Sdold\Download\ff1abc45bb4b51f55d5dd49be852a17a\BIT2C.tmp"
Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\65f23cd1cfbe0be04b8d1ce16c415b57\BIT5.tmp"
Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78473a8c97917f3508141245b98df2da\BIT7.tmp"
Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dd397392d6233ca1de156f9f99b59a8a\BIT3.tmp"
Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e59e9e2195ce9faa956998934cda28d1\BIT4.tmp"
Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fca406e0b2861ed74a38243064e8ed37\BIT6.tmp"
Fri 21 Dec 2007 165,232 A..H. --- "C:\Documents and Settings\Daevid\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\0f66ac0b7ccd71faf6da904f29228240\download\BIT7B.tmp"
Thu 6 Sep 2007 69,802 A..H. --- "C:\WINDOWS\Sdold\Download\10f6872bbc91a277e1a9f6fed17525ba\download\BIT67.tmp"
Thu 6 Sep 2007 371,494 A..H. --- "C:\WINDOWS\Sdold\Download\218766960d1465c026412385b0d1d978\download\BIT3.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\286d3f4fe26a9c6ab877183f2e37aa91\download\BIT78.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\299962a31e45d27ead63e99f90e24465\download\BIT69.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\2dde58e204c4be402ccbbcd0b600650e\download\BIT6A.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\5253da9aa0f5d8d6386ba525e94a3d8b\download\BIT6E.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\70a4fbe7217488f673cf5d20367dabc9\download\BIT7D.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\711d4ccc77d9a786c03f7dc2d759053c\download\BIT68.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\71c884b3a348fe876677e718ab666a66\download\BIT76.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\785bc23a82784977fa64552e9bb4a6ab\download\BIT6F.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\8e4e6757368f676a94d0a147edb31832\download\BITC.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\97a9b4183ee83502797f62c2c0b429cf\download\BIT7A.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\a0d45ac61d8a7a5b7faa78852c46bf15\download\BIT4.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\ac3f490121f580bfb62d9d495aa2b215\download\BIT77.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\ad2c2d9dcaaf3288c7042746e49c8114\download\BIT8.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\b5330da089196b346d1ee0676e21afcc\download\BIT79.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\c810b29b22044bd72df654fd63ee0af2\download\BIT3.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\e2306f0216dfc9822a8553f09db95f71\download\BIT7C.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\e995acae9f2591ac009a4ad305efa874\download\BIT6D.tmp"
Thu 6 Sep 2007 0 A..H. --- "C:\WINDOWS\Sdold\Download\fae81cc29bef49249f2d64f8fb9c8b1d\download\BIT6B.tmp"

Finished!

#10 quietman7


Posted 19 March 2008 - 08:45 AM

How is your computer running now?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 anetrev


Posted 19 March 2008 - 04:01 PM

Quietman 7
My computer is running so much better!!!! Thank you!!
There's only one thing though: my DVD/CD drive is not reading my discs; I cannot burn or listen to CDs.
Thank you so much for your help!!
AnetreV

#12 quietman7


Posted 20 March 2008 - 07:20 AM

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
As for the issue with your DVD/CD drive not working properly, I suggest you start a new topic in the hardware forum to get assistance from those who have more knowledge in that area than I do.

#13 anetrev


Posted 21 March 2008 - 10:32 PM

Quietman7
Thank you so much for helping me!!
I created a new restore point like you said, and oh yeah, I got my CD/DVD drive playing again; I had to go into the device manager and change the file format.
Thank U for all you have done.
ANetreV

#14 quietman7


Posted 22 March 2008 - 05:11 AM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings".