Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help analyzing hijackthis log


  • This topic is locked This topic is locked
16 replies to this topic

#1 ant2009

ant2009

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 12 October 2008 - 03:39 PM

hi i had a few viruses on here...i cant remember the names of them...i think i removed them with one of the antivirus programs i have running. I was wonder if you would be able to tell from the hijack log or if anything is wrong with my computer thanks. When ever i load up windows i get a rundll error, some how my taskmanager got disabled at one point, and i was told someone was using that remote access program vncp i think its called on my comp. Also every anitvirus program i use finds tracking cookies that i delete but they come right back..is that normal?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:00 PM, on 10/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1140494536\EE\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbple0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbple0.dll
O2 - BHO: {27f55fc0-5b43-feea-6144-2ff2aad73853} - {35837daa-2ff2-4416-aeef-34b50cf55f72} - C:\Windows\system32\uiybwe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {F94CC5E7-E29D-4BF5-A982-A020BCC01F37} - C:\Windows\system32\qoMfDUkH.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbple0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcBRiJC.dll,#1
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140494536\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E301DD3-CC95-4C81-BD4F-163A3CE528BB}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F75E85E-E716-48A5-B83B-A3F3A3A06BF5}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC544D9-5862-4C33-899E-1D3BB87C3B05}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{C79133FF-CC6A-415F-AD60-F9A49661464A}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9646 bytes

BC AdBot (Login to Remove)

 


#2 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 17 October 2008 - 11:54 AM

i did a scan with malbytes and got these viruses, how can i get rid of them. thanks

Malwarebytes' Anti-Malware 1.28
Database version: 1269
Windows 6.0.6000

10/16/2008 3:18:34 PM
mbam-log-2008-10-16 (15-18-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118463
Time elapsed: 1 hour(s), 34 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 22 October 2008 - 03:46 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Post back with:
-the OTViewIt log
-the Kaspersky log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#4 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 10:59 AM

thanks, i just saw this reply right now.
these are the OTviewit scans. I haven't really done anything to my computer since my last post. I think i ran some kind of online vista scan from the microsoft page. I changed some user settings in control panel and deleted viewpoint program. Thats all i can think of. Doing that kaspersky scan right now.

OTViewIt logfile created on: 10/23/2008 11:37:41 AM - Run 3
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\ant\Desktop\New Folder
Windows Vista An unknown product (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 19.86% Memory free
2.73 Gb Paging File | 1.51 Gb Available in Paging File | 55.27% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 82.97 Gb Free Space | 54.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: ant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 05:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/08/21 20:41:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
[2008/06/03 22:59:02 | 00,139,264 | ---- | M] () -- C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
[2008/10/12 13:27:02 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/03 22:59:02 | 00,139,264 | ---- | M] () -- C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 05:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/09/26 16:39:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/09/25 13:20:29 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2006/11/02 08:34:02 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2008/08/21 20:41:32 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2008/06/29 18:01:01 | 00,052,168 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/06/13 08:05:26 | 16,239,616 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RTHDCPL.exe
[2006/02/20 22:19:09 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2007/05/25 13:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1140494536\EE\aolsoftware.exe
[2008/09/25 13:20:28 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2008/10/09 23:56:42 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/09/26 16:39:56 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2004/10/18 18:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/06/02 11:13:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/09 04:01:32 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/06/21 08:26:36 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/09/26 16:39:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 05:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2006/11/02 05:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/05/30 07:37:30 | 00,808,208 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 08:35:02 | 01,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2008/09/26 16:39:54 | 00,551,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
[2008/09/13 02:08:49 | 07,667,312 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/11/02 08:33:59 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2006/11/02 08:34:00 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/10/23 11:29:50 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\ant\Desktop\New Folder\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/12 13:27:02 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2008/09/26 16:39:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/26 16:39:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 02:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/09/25 13:20:29 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/10/13 14:35:00 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 08:34:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 05:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/06/21 08:26:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/02 09:01:50 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 08:34:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/02 05:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2006/11/02 05:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 05:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/12/14 18:06:14 | 00,184,320 | ---- | M] (SoundMovieServer) -- C:\Windows\System32\snmvtsvc.exe -- (SoundMovieServer [On_Demand | Stopped])
[2006/11/02 05:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 05:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/08/21 20:41:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 08:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/02 08:34:02 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 05:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/02/20 22:19:13 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/09/26 16:40:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/26 16:40:14 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/26 16:40:20 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])
[2006/11/02 04:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/02/22 21:15:49 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\Windows\System32\drivers\CdaD10BA.SYS -- (CdaD10BA [Auto | Running])
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/14 04:03:37 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/09/25 13:20:29 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/09/25 13:20:29 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 04:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/10/13 14:35:00 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 08:33:51 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 05:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 04:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/10/13 13:57:37 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/09/25 13:20:29 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2006/06/13 23:04:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 05:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/06/03 23:01:58 | 00,147,984 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys -- (KLIF [System | Running])
[2006/11/02 04:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 04:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/10/10 22:16:45 | 00,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv [System | Running])
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/10/13 14:26:06 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2007/12/14 18:06:18 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\MovRVDrv32.sys -- (MovRVDrv32 [On_Demand | Running])
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/07/12 03:02:04 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 04:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/12 04:02:12 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 05:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 05:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/10/13 14:21:17 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 04:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 03:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD [On_Demand | Running])
[2008/06/20 00:04:00 | 07,468,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/10/13 14:35:01 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 08:33:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 05:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 04:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/14 04:03:35 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/07/05 08:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/06/14 10:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2007/02/08 13:44:43 | 00,083,320 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 04:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/12/14 18:06:18 | 00,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Running])
[2006/11/02 05:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/12/12 04:02:12 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/12 04:02:12 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 04:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 04:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 05:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/07/12 03:02:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/07/12 03:02:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 04:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/07/16 20:12:47 | 00,028,672 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\drivers\VClone.sys -- (VClone [On_Demand | Running])
[2006/11/02 04:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 05:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 05:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/08/21 20:42:58 | 00,294,288 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant [System | Running])
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/29 18:24:57 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/14 04:03:35 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 04:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 04:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"First Home Page"=C:\Program Files\AOL Toolbar\welcome.html
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{35837daa-2ff2-4416-aeef-34b50cf55f72} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
{F94CC5E7-E29D-4BF5-A982-A020BCC01F37} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"HostManager"=C:\Program Files\Common Files\AOL\1140494536\ee\AOLSoftware.exe (AOL LLC)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s (Elaborate Bytes AG)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Button: Rip YouTube File -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2007/12/14 18:18:54 | 00,319,488 | ---- | M] ()
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Menu: Rip YouTube file embedded in this page -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2007/12/14 18:18:54 | 00,319,488 | ---- | M] ()
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3860DD98-0549-4D50-AA72-5D17D200EE10}: http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab -- Windows Live OneCare safety scanner control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{C86B00FE-0E8F-40CE-89D2-DB26C395100A} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/26 16:40:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll, digest.dll
>[2006/11/02 05:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\Windows\system32\qoMfDUkH,
>File not found --

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 05:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2008/10/22 03:10:16 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur
[2008/10/18 12:29:09 | 07,478,208 | ---- | C] (Microsoft Corporation) -- C:\Users\ant\Desktop\windows-kb890830-v2.3.exe
[2008/10/16 15:49:07 | 01,795,959 | -H-- | C] () -- C:\Users\ant\AppData\Local\IconCache.db
[2008/10/16 13:24:03 | 13,405,96224 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/16 12:24:43 | 52,423,056 | ---- | C] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en(2).exe
[2008/10/15 19:55:23 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/15 19:55:01 | 02,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 19:54:26 | 03,505,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/15 19:54:25 | 03,470,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/15 19:28:39 | 52,423,056 | ---- | C] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en.exe
[2008/10/15 11:22:20 | 00,266,128 | ---- | C] () -- C:\Users\ant\Desktop\zapSetup_en.exe
[2008/10/14 15:11:13 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Malwarebytes
[2008/10/14 15:10:59 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 15:10:58 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/10/14 15:10:57 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/10/14 15:10:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/10/14 15:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/14 15:09:28 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ant\Desktop\mbam-setup.exe
[2008/10/13 23:17:56 | 00,087,040 | ---- | C] () -- C:\Users\ant\Desktop\BCH_3023_Exam2_Oct_2006_Answer_Key.doc
[2008/10/13 23:17:51 | 00,029,184 | ---- | C] () -- C:\Users\ant\Desktop\Enzyme Kinetic_Derivation of M&M_Equation.doc
[2008/10/13 23:17:39 | 00,025,088 | ---- | C] () -- C:\Users\ant\Desktop\First_Order_Kinetics_Handout.doc
[2008/10/13 17:29:03 | 00,000,911 | ---- | C] () -- C:\Users\ant\Desktop\EverQuest - Shortcut (2).lnk
[2008/10/13 14:35:48 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2008/10/13 14:35:48 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/10/13 14:35:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/10/13 14:35:47 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/10/13 14:35:12 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2008/10/13 14:35:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2008/10/13 14:35:08 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/10/13 14:35:08 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2008/10/13 14:35:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2008/10/13 14:35:08 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/10/13 14:35:07 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2008/10/13 14:35:07 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2008/10/13 14:35:07 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2008/10/13 14:35:07 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2008/10/13 14:35:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2008/10/13 14:35:07 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2008/10/13 14:35:06 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2008/10/13 14:35:06 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2008/10/13 14:35:05 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2008/10/13 14:35:04 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2008/10/13 14:35:01 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2008/10/13 14:35:01 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/10/13 14:35:01 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/10/13 14:35:01 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/10/13 14:35:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/10/13 14:35:00 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/10/13 14:35:00 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2008/10/13 14:35:00 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/10/13 14:32:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/10/13 14:32:26 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/10/13 14:32:26 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/10/13 14:30:48 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/10/13 14:30:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2008/10/13 14:30:26 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/10/13 14:30:22 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/10/13 14:30:21 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2008/10/13 14:30:20 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2008/10/13 14:30:19 | 01,655,289 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2008/10/13 14:30:18 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2008/10/13 14:30:18 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2008/10/13 14:30:18 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2008/10/13 14:30:17 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2008/10/13 14:30:16 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2008/10/13 14:27:35 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/10/13 14:26:25 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/10/13 14:26:06 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/10/13 14:26:06 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/10/13 14:25:23 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/10/13 14:23:57 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/10/13 14:23:14 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/10/13 14:22:40 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/10/13 14:22:38 | 10,617,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/10/13 14:22:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/10/13 14:22:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/10/13 14:22:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/10/13 14:22:35 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/10/13 14:21:39 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2008/10/13 14:21:23 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2008/10/13 14:21:19 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/10/13 14:21:19 | 00,015,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2008/10/13 14:21:17 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/10/13 14:21:17 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/10/13 14:19:10 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/10/13 14:19:09 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/10/13 14:19:09 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/10/13 14:19:08 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/10/13 14:19:07 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/10/13 14:18:54 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/10/13 14:18:50 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/10/13 14:18:05 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/10/13 14:17:52 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/10/13 14:17:42 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/10/13 14:17:40 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/10/13 14:17:38 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/10/13 14:17:37 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/10/13 14:17:36 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/10/13 14:17:36 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/10/13 14:17:26 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/10/13 14:17:23 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/10/13 14:17:14 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/10/13 14:16:05 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/10/13 14:15:56 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/10/13 14:15:54 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/10/13 14:15:53 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/10/13 14:15:52 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/10/13 14:15:51 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/10/13 14:15:50 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/10/13 14:15:48 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/10/13 14:15:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/10/13 14:15:45 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/10/13 14:15:42 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/10/13 14:15:39 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/10/13 14:15:35 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/10/13 14:15:33 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/10/13 14:15:32 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/10/13 14:15:29 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/10/13 14:15:26 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/10/13 14:15:23 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/10/13 14:15:19 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/10/13 14:15:16 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/10/13 14:15:14 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/10/13 14:15:12 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/10/13 14:15:11 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/10/13 14:15:08 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/10/13 14:15:08 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/10/13 14:15:07 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/10/13 14:15:07 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/10/13 14:15:06 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/10/13 14:15:06 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/10/13 14:15:06 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/10/13 14:15:05 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/10/13 14:15:05 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/10/13 14:15:05 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/10/13 14:15:04 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/10/13 14:15:02 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/10/13 14:15:01 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/10/13 14:14:58 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/10/13 14:14:56 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/10/13 14:14:55 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/10/13 14:14:53 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/10/13 14:14:51 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/10/13 14:14:47 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/10/13 14:14:46 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/10/13 14:14:45 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/10/13 14:14:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/10/13 14:14:43 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/10/13 14:14:42 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/10/13 14:14:42 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/10/13 14:14:40 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/10/13 14:14:39 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/10/13 14:14:37 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/10/13 14:14:35 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/10/13 14:00:45 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/10/13 14:00:44 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/10/13 14:00:44 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/10/13 14:00:42 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/10/13 14:00:42 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/10/13 14:00:42 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/10/13 14:00:42 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/10/13 14:00:40 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/13 14:00:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/10/13 13:59:15 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/10/13 13:59:14 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/10/13 13:59:14 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/10/13 13:59:04 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/10/13 13:59:04 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/10/13 13:59:04 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/10/13 13:59:02 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/10/13 13:59:00 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/10/13 13:58:57 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/10/13 13:58:57 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/10/13 13:58:56 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/10/13 13:58:56 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/10/13 13:58:56 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/10/13 13:58:56 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/10/13 13:58:55 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/10/13 13:58:53 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/10/13 13:58:02 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/10/13 13:58:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/10/13 13:57:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2008/10/13 13:54:15 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/10/13 13:54:14 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/10/13 13:53:56 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/10/13 13:45:44 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/12 21:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2008/10/12 17:30:19 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/10/12 16:16:04 | 00,001,874 | ---- | C] () -- C:\Users\ant\Desktop\HijackThis.lnk
[2008/10/12 16:16:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/12 15:51:43 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2008/10/12 14:57:44 | 00,001,055 | ---- | C] () -- C:\Users\ant\Desktop\Spybot - Search & Destroy.lnk
[2008/10/12 14:57:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2008/10/12 14:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/12 13:11:38 | 00,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/10/12 13:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/12 13:11:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2008/10/12 13:05:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/10 21:32:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2008/10/10 20:57:01 | 00,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/10/09 22:02:38 | 00,307,238 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2008/10/08 17:17:38 | 00,000,839 | ---- | C] () -- C:\Users\ant\Desktop\EverQuest - Shortcut.lnk
[2008/10/07 13:57:49 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Ubisoft
[2008/10/07 13:57:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2008/10/07 13:57:19 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2008/10/07 13:57:19 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2008/10/07 13:57:16 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2008/10/07 13:57:11 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2008/10/07 13:57:11 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2008/10/07 13:57:08 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008/10/07 13:57:03 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2008/10/07 13:57:03 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2008/10/07 13:57:00 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2008/10/07 13:56:58 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2008/10/07 13:56:53 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2008/10/07 13:56:53 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2008/10/07 13:56:49 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2008/10/07 13:56:48 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2008/10/07 13:56:47 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2008/10/07 13:56:45 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2008/10/07 13:56:43 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2008/10/07 13:56:43 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2008/10/07 13:56:40 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2008/10/07 13:56:38 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2008/10/07 13:56:37 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2008/10/07 13:56:35 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2008/10/07 13:56:35 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2008/10/07 13:56:33 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2008/10/07 12:21:30 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (7)
[2008/10/07 12:20:36 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (6)
[2008/10/06 13:55:36 | 00,000,000 | -HSD | C] -- C:\found.007
[2008/10/05 13:59:41 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Gearbox Software
[2008/10/05 13:20:15 | 00,000,843 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2008/10/05 13:19:58 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\WinRAR
[2008/10/05 13:15:33 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2008/10/05 13:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Winrar 3.80
[2008/10/05 12:50:42 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2008/10/05 12:00:39 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (5)
[2008/10/05 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\MailFrontier
[2008/10/05 00:35:37 | 42,332,9568 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/10/05 00:35:37 | 03,346,748 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2008/10/05 00:31:08 | 00,147,984 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2008/10/05 00:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/05 00:29:46 | 00,349,222 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2008/10/04 14:46:53 | 00,149,747 | ---- | C] () -- C:\AnalysisLog.sr0
[2008/10/04 13:58:52 | 00,001,169 | ---- | C] () -- C:\Windows\mozver.dat
[2008/10/04 13:52:03 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/04 12:54:50 | 00,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2008/10/04 12:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2008/10/02 12:43:02 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\uTorrent
[2008/09/28 22:10:58 | 00,000,805 | ---- | C] () -- C:\rollback.ini
[2008/09/28 19:45:44 | 00,000,000 | ---D | C] -- C:\ProgramData\MailFrontier
[2008/09/28 18:04:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2008/09/28 17:57:25 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2008/09/28 17:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2008/09/28 17:52:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2008/09/28 17:51:53 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (4)
[2008/09/28 17:51:46 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2008/09/28 17:50:46 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2008/09/28 17:46:25 | 00,000,760 | ---- | C] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2008/09/28 17:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\WinAce
[2008/09/28 15:52:37 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\AVGTOOLBAR
[2008/09/26 16:41:29 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/09/26 16:40:21 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk
[2008/09/26 16:40:20 | 00,069,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys
[2008/09/26 16:40:20 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2008/09/26 16:40:16 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2008/09/26 16:40:14 | 28,869,184 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2008/09/26 16:40:14 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2008/09/26 16:40:14 | 00,043,628 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2008/09/26 16:40:14 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2008/09/26 16:40:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2008/09/26 16:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/09/26 16:39:52 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2008/09/26 15:57:27 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Local\Comodo
[2008/09/26 15:33:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2008/09/26 15:30:59 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2008/09/26 13:10:58 | 00,982,965 | -HS- | C] () -- C:\Windows\System32\pwcmlgyo.ini
[2008/09/26 13:07:55 | 00,837,488 | -HS- | C] () -- C:\Windows\System32\oUvCKRqr.ini2
[2008/09/26 13:07:55 | 00,837,488 | -HS- | C] () -- C:\Windows\System32\oUvCKRqr.ini
[2008/09/25 15:27:21 | 00,000,858 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 13:20:34 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Comodo
[2008/09/25 13:20:33 | 00,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/09/25 13:20:33 | 00,085,008 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/25 13:20:33 | 00,073,232 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/25 13:20:33 | 00,025,104 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/25 13:20:33 | 00,000,000 | ---D | C] -- C:\ProgramData\comodo
[2008/09/25 13:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2008/09/24 12:39:12 | 00,026,340 | ---- | C] () -- C:\Users\ant\AppData\Roaming\UserTile.png
[2008/09/24 12:39:12 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\PeerNetworking
[2008/09/24 12:37:29 | 01,129,539 | -HS- | C] () -- C:\Windows\System32\ltlewurq.ini

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2008/10/23 11:40:11 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3FB71C29-888D-4BD3-999E-6FC875969E60}.job
[2008/10/23 11:14:50 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/23 11:14:50 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/23 00:16:09 | 00,349,222 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2008/10/23 00:15:17 | 00,000,458 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2008/10/23 00:15:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/23 00:14:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/23 00:14:36 | 13,405,96224 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/22 22:30:59 | 01,795,959 | -H-- | M] () -- C:\Users\ant\AppData\Local\IconCache.db
[2008/10/21 23:37:27 | 00,000,805 | ---- | M] () -- C:\rollback.ini
[2008/10/21 16:00:13 | 42,332,9568 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/10/21 16:00:13 | 03,346,748 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2008/10/18 12:29:08 | 07,478,208 | ---- | M] (Microsoft Corporation) -- C:\Users\ant\Desktop\windows-kb890830-v2.3.exe
[2008/10/18 12:13:10 | 00,000,249 | ---- | M] () -- C:\Windows\win.ini
[2008/10/18 11:54:24 | 00,000,404 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2008/10/16 12:25:15 | 52,423,056 | ---- | M] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en(2).exe
[2008/10/16 03:19:00 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/10/15 22:24:37 | 00,043,628 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2008/10/15 22:24:34 | 28,869,184 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2008/10/15 19:29:04 | 52,423,056 | ---- | M] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en.exe
[2008/10/15 11:22:16 | 00,266,128 | ---- | M] () -- C:\Users\ant\Desktop\zapSetup_en.exe
[2008/10/14 18:01:43 | 00,001,356 | ---- | M] () -- C:\Users\ant\AppData\Local\d3d9caps.dat
[2008/10/14 15:10:59 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 15:09:28 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ant\Desktop\mbam-setup.exe
[2008/10/13 23:18:05 | 00,087,040 | ---- | M] () -- C:\Users\ant\Desktop\BCH_3023_Exam2_Oct_2006_Answer_Key.doc
[2008/10/13 23:17:52 | 00,029,184 | ---- | M] () -- C:\Users\ant\Desktop\Enzyme Kinetic_Derivation of M&M_Equation.doc
[2008/10/13 23:17:40 | 00,025,088 | ---- | M] () -- C:\Users\ant\Desktop\First_Order_Kinetics_Handout.doc
[2008/10/13 17:29:03 | 00,000,911 | ---- | M] () -- C:\Users\ant\Desktop\EverQuest - Shortcut (2).lnk
[2008/10/13 14:48:53 | 00,955,422 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/13 14:48:53 | 00,218,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/13 14:48:52 | 00,226,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/13 14:44:55 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/10/13 14:44:55 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/10/13 14:44:54 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/10/13 14:35:48 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2008/10/13 14:35:48 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/10/13 14:35:48 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/10/13 14:35:47 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/10/13 14:35:12 | 00,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2008/10/13 14:35:12 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2008/10/13 14:35:08 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/10/13 14:35:08 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2008/10/13 14:35:08 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2008/10/13 14:35:08 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/10/13 14:35:07 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2008/10/13 14:35:07 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2008/10/13 14:35:07 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2008/10/13 14:35:07 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2008/10/13 14:35:07 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2008/10/13 14:35:07 | 00,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2008/10/13 14:35:06 | 00,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2008/10/13 14:35:06 | 00,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2008/10/13 14:35:05 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2008/10/13 14:35:04 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2008/10/13 14:35:01 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2008/10/13 14:35:01 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/10/13 14:35:01 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/10/13 14:35:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/10/13 14:35:01 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/10/13 14:35:00 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/10/13 14:35:00 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2008/10/13 14:35:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/10/13 14:32:31 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/10/13 14:32:27 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/10/13 14:32:26 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/10/13 14:30:48 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/10/13 14:30:30 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2008/10/13 14:30:26 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/10/13 14:30:23 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/10/13 14:30:21 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2008/10/13 14:30:20 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2008/10/13 14:30:19 | 01,655,289 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2008/10/13 14:30:18 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2008/10/13 14:30:18 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2008/10/13 14:30:18 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2008/10/13 14:30:17 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2008/10/13 14:30:16 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2008/10/13 14:27:35 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/10/13 14:26:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/10/13 14:26:06 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/10/13 14:26:06 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/10/13 14:25:23 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/10/13 14:23:57 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/10/13 14:23:14 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/10/13 14:22:41 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/10/13 14:22:39 | 10,617,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/10/13 14:22:37 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/10/13 14:22:36 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/10/13 14:22:36 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/10/13 14:22:35 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/10/13 14:21:39 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2008/10/13 14:21:23 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2008/10/13 14:21:19 | 00,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/10/13 14:21:19 | 00,015,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2008/10/13 14:21:18 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/10/13 14:21:17 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/10/13 14:19:11 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/10/13 14:19:10 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/10/13 14:19:09 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/10/13 14:19:08 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/10/13 14:19:07 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/10/13 14:18:55 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/10/13 14:18:51 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/10/13 14:18:06 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/10/13 14:17:54 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/10/13 14:17:44 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/10/13 14:17:42 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/10/13 14:17:40 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/10/13 14:17:38 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/10/13 14:17:37 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/10/13 14:17:36 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/10/13 14:17:33 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/10/13 14:17:23 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/10/13 14:17:14 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/10/13 14:16:05 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/10/13 14:16:01 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/10/13 14:15:55 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/10/13 14:15:54 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/10/13 14:15:53 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/10/13 14:15:52 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/10/13 14:15:50 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/10/13 14:15:49 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/10/13 14:15:48 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/10/13 14:15:48 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/10/13 14:15:44 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/10/13 14:15:41 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/10/13 14:15:38 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/10/13 14:15:35 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/10/13 14:15:32 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/10/13 14:15:31 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/10/13 14:15:28 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/10/13 14:15:26 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/10/13 14:15:23 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/10/13 14:15:19 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/10/13 14:15:16 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/10/13 14:15:14 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/10/13 14:15:12 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/10/13 14:15:11 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/10/13 14:15:08 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/10/13 14:15:07 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/10/13 14:15:07 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/10/13 14:15:07 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/10/13 14:15:06 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/10/13 14:15:06 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/10/13 14:15:05 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/10/13 14:15:05 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/10/13 14:15:05 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/10/13 14:15:04 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/10/13 14:15:03 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/10/13 14:15:01 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/10/13 14:14:58 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/10/13 14:14:57 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/10/13 14:14:56 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/10/13 14:14:54 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/10/13 14:14:53 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/10/13 14:14:51 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/10/13 14:14:46 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/10/13 14:14:46 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/10/13 14:14:45 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/10/13 14:14:44 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/10/13 14:14:43 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/10/13 14:14:42 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/10/13 14:14:41 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/10/13 14:14:39 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/10/13 14:14:39 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/10/13 14:14:36 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/10/13 14:00:45 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/10/13 14:00:44 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/10/13 14:00:44 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/10/13 14:00:42 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/10/13 14:00:42 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/10/13 14:00:42 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/10/13 14:00:42 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/13 14:00:40 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/10/13 13:59:15 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/10/13 13:59:14 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/10/13 13:59:14 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/10/13 13:59:04 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/10/13 13:59:04 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/10/13 13:59:04 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/10/13 13:59:03 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/10/13 13:59:00 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/10/13 13:58:57 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/10/13 13:58:57 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/10/13 13:58:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/10/13 13:58:56 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/10/13 13:58:56 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/10/13 13:58:56 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/10/13 13:58:55 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/10/13 13:58:53 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/10/13 13:58:02 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/10/13 13:58:02 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/10/13 13:57:37 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2008/10/13 13:54:15 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/10/13 13:54:14 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/10/13 13:53:56 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/10/13 13:45:45 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2008/10/12 21:23:51 | 00,056,622 | ---- | M] () -- C:\VETlog.dmp
[2008/10/12 17:30:34 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008/10/12 16:19:26 | 00,001,874 | ---- | M] () -- C:\Users\ant\Desktop\HijackThis.lnk
[2008/10/12 14:57:44 | 00,001,055 | ---- | M] () -- C:\Users\ant\Desktop\Spybot - Search & Destroy.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/10/10 22:16:45 | 00,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/10/10 20:15:27 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2008/10/09 22:02:38 | 00,307,238 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2008/10/08 17:17:38 | 00,000,839 | ---- | M] () -- C:\Users\ant\Desktop\EverQuest - Shortcut.lnk
[2008/10/07 12:19:42 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/05 13:20:15 | 00,000,843 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2008/10/04 14:47:54 | 00,149,747 | ---- | M] () -- C:\AnalysisLog.sr0
[2008/10/04 13:58:58 | 00,001,169 | ---- | M] () -- C:\Windows\mozver.dat
[2008/10/04 13:52:03 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/04 12:54:50 | 00,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2008/09/30 15:01:13 | 00,982,965 | -HS- | M] () -- C:\Windows\System32\pwcmlgyo.ini
[2008/09/28 17:46:25 | 00,000,760 | ---- | M] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2008/09/26 16:40:21 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk
[2008/09/26 16:40:20 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys
[2008/09/26 16:40:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2008/09/26 16:40:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2008/09/26 16:40:14 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2008/09/26 16:40:14 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2008/09/26 15:56:14 | 00,789,074 | -HS- | M] () -- C:\Windows\System32\HkUDfMoq.ini
[2008/09/26 15:50:14 | 00,789,332 | -HS- | M] () -- C:\Windows\System32\HkUDfMoq.ini2
[2008/09/26 13:11:35 | 00,837,488 | -HS- | M] () -- C:\Windows\System32\oUvCKRqr.ini
[2008/09/26 13:10:57 | 00,837,488 | -HS- | M] () -- C:\Windows\System32\oUvCKRqr.ini2
[2008/09/25 15:27:21 | 00,000,858 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 13:20:29 | 00,143,104 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2008/09/25 13:20:29 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/25 13:20:29 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/25 13:20:29 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/25 12:39:39 | 01,129,539 | -HS- | M] () -- C:\Windows\System32\ltlewurq.ini
[2008/09/24 12:39:12 | 00,026,340 | ---- | M] () -- C:\Users\ant\AppData\Roaming\UserTile.png
[2008/09/24 12:34:24 | 01,105,802 | -HS- | M] () -- C:\Windows\System32\msvduylt.ini
< End of report >

and the extra txt. doc

OTViewIt Extras logfile created on: 10/23/2008 11:37:41 AM - Run 3
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\ant\Desktop\New Folder
Windows Vista An unknown product (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 19.86% Memory free
2.73 Gb Paging File | 1.51 Gb Available in Paging File | 55.27% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 82.97 Gb Free Space | 54.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: ant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/26 16:40:03 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}"=Norton Security Scan
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}"=RTC Client API v1.2
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}"=Bonjour Core for Windows
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89661B04-C646-4412-B6D3-5E19F02F1F37}"=EAX4 Unified Redist
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}"=Microsoft Visual C Runtime
"{90840409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel Viewer 2003
"{9F70BF98-003C-491D-81FC-FF9792206AF0}"=iTunes
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}"=VC 9.0 Runtime
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}"=Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"AVG8Uninstall"=AVG Free 8.0
"COMODO Firewall Pro"=COMODO Firewall Pro
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"IE40"=Microsoft Internet Explorer 6
"Jarte_is1"=Jarte 3.0
"LimeWire"=LimeWire 4.14.12
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Mozilla Firefox (2.0.0.16)"=Mozilla Firefox (2.0.0.16)
"NVIDIA Drivers"=NVIDIA Drivers
"Security Task Manager"=Security Task Manager 1.7f
"SoundTaxi_is1"=SoundTaxi 3.1.8
"VirtualCloneDrive"=VirtualCloneDrive
"WinAce Archiver"=WinAce Archiver
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"ZoneAlarm Security Suite"=ZoneAlarm Security Suite

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2008 12:50:25 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:25 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:25 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:27 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:27 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:27 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:27 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:27 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:28 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2008 12:50:29 PM | Computer Name = ant-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 10/23/2008 3:08:43 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/23/2008 3:08:43 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/23/2008 3:08:43 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/23/2008 3:08:48 AM | Computer Name = home | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/23/2008 3:13:04 AM | Computer Name = home | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/23/2008 11:20:08 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/23/2008 11:20:08 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/23/2008 11:20:08 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/23/2008 11:20:08 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/23/2008 11:20:08 AM | Computer Name = home | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 23 October 2008 - 11:15 AM

Hello.

OK, we'll continue when the Kaspersky is finished.

With Regards,
The Panda

#6 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 01:56 PM

i did the kaspersky scan and it didn't find any viruses

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 23 October 2008 - 02:36 PM

Hello ant2009.

I see leftovers from a previous infection. Nothing still active at the moment.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for this Posted Image sign.
  • Right click it-> select Quit Control Center.
  • A warning will pop up, click Yes
To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take affect.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.
Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35837daa-2ff2-4416-aeef-34b50cf55f72}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F94CC5E7-E29D-4BF5-A982-A020BCC01F37}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):"msv1_0"
    :files
    C:\Windows\System32\ltlewurq.ini
    C:\Windows\System32\pwcmlgyo.ini
    C:\Windows\System32\HkUDfMoq.ini
    C:\Windows\System32\HkUDfMoq.ini2
    C:\Windows\System32\oUvCKRqr.ini
    C:\Windows\System32\msvduylt.ini
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Post back with:
-the OTMoveIt log
-a new HijackThis log

With Regards,
The Panda

#8 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 03:11 PM

i did everything up to the otmoveit log...the program freezes when it gets to

"Authentication Packages"=hex(7):"msv1_0"
:files
C:\Windows\System32\ltlewurq.ini
C:\Windows\System32\pwcmlgyo.ini
C:\Windows\System32\HkUDfMoq.ini
C:\Windows\System32\HkUDfMoq.ini2
C:\Windows\System32\oUvCKRqr.ini
C:\Windows\System32\msvduylt.ini

also, are these viruses what allows ppl to see what sites i visted and what i type and stuff?

#9 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 03:13 PM

gonna reboot and try it again

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 23 October 2008 - 03:23 PM

Hello.

also, are these viruses what allows ppl to see what sites i visted and what i type and stuff?

Unfortunately yes, there are infections that can do almost any bad thing you can think of.

If OTMoveIt still freezes up, we'll try something else.

With Regards,
The Padna

#11 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 03:35 PM

ya otmovit program still doesn't work. when i rebooted i also got a message box that said

" unable to create file: c:\windows\ERDNT\autobackup\10-23-08\erdnt.inf .... Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later resstoration of the registry can only be done manually, by using another OS to copy back the files.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 23 October 2008 - 04:01 PM

Hello ant2009.

Did you choose Run as Administrator? If not, try again doing that. If you did, then follow the directions below.

OK, let's try it the old fashioned way.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35837daa-2ff2-4416-aeef-34b50cf55f72}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F94CC5E7-E29D-4BF5-A982-A020BCC01F37}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should recieve the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    for %%a in (
    "C:\Windows\System32\ltlewurq.ini"
    "C:\Windows\System32\pwcmlgyo.ini"
    "C:\Windows\System32\HkUDfMoq.ini"
    "C:\Windows\System32\HkUDfMoq.ini2"
    "C:\Windows\System32\oUvCKRqr.ini"
    "C:\Windows\System32\msvduylt.ini"
    ) do (
    IF exist "%%~a" (
    attrib -s -r -h "%%~a"
    del /q /f "%%~a"
    if not exist "%%~a" (
    ECHO %%~a -Deleted.>>Report.txt
    ) ELSE (
    ECHO %%~a -Failed to delete.>>Report.txt
    )
    ) ELSE (
    ECHO %%~a -Not found.>>Report.txt
    )
    )
    start notepad report
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Right click fix.bat and select Run as Administrator. You will see a black command prompt open, followed by a notepad. Copy the contents of the notepad back in your next reply.


Post back with a new OTView it log (just OTViewIt.txt)

With Regards,
The Panda

#13 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 04:16 PM

C:\Windows\System32\ltlewurq.ini -Deleted.
C:\Windows\System32\pwcmlgyo.ini -Deleted.
C:\Windows\System32\HkUDfMoq.ini -Deleted.
C:\Windows\System32\HkUDfMoq.ini2 -Deleted.
C:\Windows\System32\oUvCKRqr.ini -Deleted.
C:\Windows\System32\msvduylt.ini -Deleted.



OTViewIt logfile created on: 10/23/2008 5:11:50 PM - Run 5
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Users\ant\Desktop\New Folder
Windows Vista An unknown product (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 34.20% Memory free
2.73 Gb Paging File | 1.79 Gb Available in Paging File | 65.72% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 84.39 Gb Free Space | 55.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: ant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 05:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/10/12 13:27:02 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 05:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/09/26 16:39:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/09/25 13:20:29 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2008/06/21 08:26:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2006/11/02 08:34:02 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2008/06/29 18:01:01 | 00,052,168 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/06/13 08:05:26 | 16,239,616 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RTHDCPL.exe
[2006/02/20 22:19:09 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/09/26 16:39:56 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2007/05/25 13:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1140494536\EE\aolsoftware.exe
[2008/09/25 13:20:28 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2008/09/26 16:39:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/10/18 18:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/06/02 11:13:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/09 04:01:32 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/06/21 08:26:36 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/11/02 05:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2006/11/02 05:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/09/13 02:08:49 | 07,667,312 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/11/02 08:35:02 | 01,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2008/09/26 16:39:54 | 00,551,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
[2006/11/02 05:45:30 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/10/23 11:29:50 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Users\ant\Desktop\New Folder\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/12 13:27:02 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2008/09/26 16:39:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/26 16:39:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 02:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/09/25 13:20:29 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/10/13 14:35:00 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 08:34:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 05:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/06/21 08:26:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/02 09:01:50 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 08:34:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/02 05:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2006/11/02 05:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 05:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/12/14 18:06:14 | 00,184,320 | ---- | M] (SoundMovieServer) -- C:\Windows\System32\snmvtsvc.exe -- (SoundMovieServer [On_Demand | Stopped])
[2006/11/02 05:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 05:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/08/21 20:41:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 08:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/02 08:34:02 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 05:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/02/20 22:19:13 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/09/26 16:40:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/26 16:40:14 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/26 16:40:20 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])
[2006/11/02 04:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/02/22 21:15:49 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\Windows\System32\drivers\CdaD10BA.SYS -- (CdaD10BA [Auto | Running])
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/14 04:03:37 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/09/25 13:20:29 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/09/25 13:20:29 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 04:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/10/13 14:35:00 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 08:33:51 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 05:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 04:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/10/13 13:57:37 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/09/25 13:20:29 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2006/06/13 23:04:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 05:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/06/03 23:01:58 | 00,147,984 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys -- (KLIF [System | Running])
[2006/11/02 04:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 04:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2008/10/10 22:16:45 | 00,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv [System | Running])
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/10/13 14:26:06 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2007/12/14 18:06:18 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\MovRVDrv32.sys -- (MovRVDrv32 [On_Demand | Running])
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/07/12 03:02:04 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 04:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/12 04:02:12 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 05:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 05:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/10/13 14:21:17 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 04:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 03:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD [On_Demand | Running])
[2008/06/20 00:04:00 | 07,468,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/10/13 14:35:01 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 08:33:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 05:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 04:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/14 04:03:35 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/07/05 08:39:29 | 00,059,256 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/06/14 10:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2007/02/08 13:44:43 | 00,083,320 | ---- | M] (Protection Technology (StarForce)) -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 04:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/12/14 18:06:18 | 00,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Running])
[2006/11/02 05:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/12/12 04:02:12 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/12 04:02:12 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 04:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 04:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 05:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/07/12 03:02:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/07/12 03:02:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 04:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/07/16 20:12:47 | 00,028,672 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\drivers\VClone.sys -- (VClone [On_Demand | Running])
[2006/11/02 04:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 05:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 05:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/08/21 20:42:58 | 00,294,288 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant [System | Running])
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/29 18:24:57 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/14 04:03:35 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 04:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 04:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"First Home Page"=C:\Program Files\AOL Toolbar\welcome.html
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"HostManager"=C:\Program Files\Common Files\AOL\1140494536\ee\AOLSoftware.exe (AOL LLC)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s (Elaborate Bytes AG)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Button: Rip YouTube File -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2007/12/14 18:18:54 | 00,319,488 | ---- | M] ()
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Menu: Rip YouTube file embedded in this page -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2007/12/14 18:18:54 | 00,319,488 | ---- | M] ()
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2572503412-796414374-1460479264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3860DD98-0549-4D50-AA72-5D17D200EE10}: http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab -- Windows Live OneCare safety scanner control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{C86B00FE-0E8F-40CE-89D2-DB26C395100A} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/26 16:40:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll, digest.dll
>[2006/11/02 05:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 05:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2008/10/23 15:54:08 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/23 15:50:38 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2008/10/23 15:49:39 | 00,000,913 | ---- | C] () -- C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/23 15:48:50 | 00,000,733 | ---- | C] () -- C:\Users\ant\Desktop\NTREGOPT.lnk
[2008/10/23 15:48:43 | 00,000,714 | ---- | C] () -- C:\Users\ant\Desktop\ERUNT.lnk
[2008/10/23 15:47:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/22 03:10:16 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur
[2008/10/18 12:29:09 | 07,478,208 | ---- | C] (Microsoft Corporation) -- C:\Users\ant\Desktop\windows-kb890830-v2.3.exe
[2008/10/16 15:49:07 | 01,795,959 | -H-- | C] () -- C:\Users\ant\AppData\Local\IconCache.db
[2008/10/16 13:24:03 | 13,405,96224 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/16 12:24:43 | 52,423,056 | ---- | C] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en(2).exe
[2008/10/15 19:55:23 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/15 19:55:01 | 02,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 19:54:26 | 03,505,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/15 19:54:25 | 03,470,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/15 19:28:39 | 52,423,056 | ---- | C] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en.exe
[2008/10/15 11:22:20 | 00,266,128 | ---- | C] () -- C:\Users\ant\Desktop\zapSetup_en.exe
[2008/10/14 15:11:13 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Malwarebytes
[2008/10/14 15:10:59 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 15:10:58 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/10/14 15:10:57 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/10/14 15:10:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/10/14 15:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/14 15:09:28 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ant\Desktop\mbam-setup.exe
[2008/10/13 23:17:56 | 00,087,040 | ---- | C] () -- C:\Users\ant\Desktop\BCH_3023_Exam2_Oct_2006_Answer_Key.doc
[2008/10/13 23:17:51 | 00,029,184 | ---- | C] () -- C:\Users\ant\Desktop\Enzyme Kinetic_Derivation of M&M_Equation.doc
[2008/10/13 23:17:39 | 00,025,088 | ---- | C] () -- C:\Users\ant\Desktop\First_Order_Kinetics_Handout.doc
[2008/10/13 17:29:03 | 00,000,911 | ---- | C] () -- C:\Users\ant\Desktop\EverQuest - Shortcut (2).lnk
[2008/10/13 14:35:48 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2008/10/13 14:35:48 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/10/13 14:35:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/10/13 14:35:47 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/10/13 14:35:12 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2008/10/13 14:35:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2008/10/13 14:35:08 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/10/13 14:35:08 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2008/10/13 14:35:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2008/10/13 14:35:08 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/10/13 14:35:07 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2008/10/13 14:35:07 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2008/10/13 14:35:07 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2008/10/13 14:35:07 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2008/10/13 14:35:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2008/10/13 14:35:07 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2008/10/13 14:35:06 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2008/10/13 14:35:06 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2008/10/13 14:35:05 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2008/10/13 14:35:04 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2008/10/13 14:35:01 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2008/10/13 14:35:01 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/10/13 14:35:01 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/10/13 14:35:01 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/10/13 14:35:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/10/13 14:35:00 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/10/13 14:35:00 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2008/10/13 14:35:00 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/10/13 14:32:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/10/13 14:32:26 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/10/13 14:32:26 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/10/13 14:30:48 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/10/13 14:30:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2008/10/13 14:30:26 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/10/13 14:30:22 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/10/13 14:30:21 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2008/10/13 14:30:20 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2008/10/13 14:30:19 | 01,655,289 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2008/10/13 14:30:18 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2008/10/13 14:30:18 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2008/10/13 14:30:18 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2008/10/13 14:30:17 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2008/10/13 14:30:16 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2008/10/13 14:27:35 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/10/13 14:26:25 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/10/13 14:26:06 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/10/13 14:26:06 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/10/13 14:25:23 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/10/13 14:23:57 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/10/13 14:23:14 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/10/13 14:22:40 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/10/13 14:22:38 | 10,617,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/10/13 14:22:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/10/13 14:22:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/10/13 14:22:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/10/13 14:22:35 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/10/13 14:21:39 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2008/10/13 14:21:23 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2008/10/13 14:21:19 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/10/13 14:21:19 | 00,015,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2008/10/13 14:21:17 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/10/13 14:21:17 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/10/13 14:19:10 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/10/13 14:19:09 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/10/13 14:19:09 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/10/13 14:19:08 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/10/13 14:19:07 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/10/13 14:18:54 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/10/13 14:18:50 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/10/13 14:18:05 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/10/13 14:17:52 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/10/13 14:17:42 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/10/13 14:17:40 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/10/13 14:17:38 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/10/13 14:17:37 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/10/13 14:17:36 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/10/13 14:17:36 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/10/13 14:17:26 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/10/13 14:17:23 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/10/13 14:17:14 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/10/13 14:16:05 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/10/13 14:15:56 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/10/13 14:15:54 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/10/13 14:15:53 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/10/13 14:15:52 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/10/13 14:15:51 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/10/13 14:15:50 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/10/13 14:15:48 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/10/13 14:15:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/10/13 14:15:45 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/10/13 14:15:42 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/10/13 14:15:39 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/10/13 14:15:35 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/10/13 14:15:33 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/10/13 14:15:32 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/10/13 14:15:29 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/10/13 14:15:26 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/10/13 14:15:23 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/10/13 14:15:19 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/10/13 14:15:16 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/10/13 14:15:14 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/10/13 14:15:12 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/10/13 14:15:11 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/10/13 14:15:08 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/10/13 14:15:08 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/10/13 14:15:07 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/10/13 14:15:07 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/10/13 14:15:06 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/10/13 14:15:06 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/10/13 14:15:06 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/10/13 14:15:05 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/10/13 14:15:05 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/10/13 14:15:05 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/10/13 14:15:04 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/10/13 14:15:02 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/10/13 14:15:01 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/10/13 14:14:58 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/10/13 14:14:56 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/10/13 14:14:55 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/10/13 14:14:53 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/10/13 14:14:51 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/10/13 14:14:47 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/10/13 14:14:46 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/10/13 14:14:45 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/10/13 14:14:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/10/13 14:14:43 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/10/13 14:14:42 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/10/13 14:14:42 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/10/13 14:14:40 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/10/13 14:14:39 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/10/13 14:14:37 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/10/13 14:14:35 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/10/13 14:00:45 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/10/13 14:00:44 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/10/13 14:00:44 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/10/13 14:00:42 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/10/13 14:00:42 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/10/13 14:00:42 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/10/13 14:00:42 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/10/13 14:00:40 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/13 14:00:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/10/13 13:59:15 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/10/13 13:59:14 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/10/13 13:59:14 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/10/13 13:59:04 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/10/13 13:59:04 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/10/13 13:59:04 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/10/13 13:59:02 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/10/13 13:59:00 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/10/13 13:58:57 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/10/13 13:58:57 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/10/13 13:58:56 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/10/13 13:58:56 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/10/13 13:58:56 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/10/13 13:58:56 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/10/13 13:58:55 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/10/13 13:58:53 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/10/13 13:58:02 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/10/13 13:58:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/10/13 13:57:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2008/10/13 13:54:15 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/10/13 13:54:14 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/10/13 13:53:56 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/10/13 13:45:44 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/12 21:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2008/10/12 17:30:19 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/10/12 16:16:04 | 00,001,874 | ---- | C] () -- C:\Users\ant\Desktop\HijackThis.lnk
[2008/10/12 16:16:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/12 15:51:43 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2008/10/12 14:57:44 | 00,001,055 | ---- | C] () -- C:\Users\ant\Desktop\Spybot - Search & Destroy.lnk
[2008/10/12 14:57:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2008/10/12 14:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/12 13:11:38 | 00,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/10/12 13:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/12 13:11:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2008/10/12 13:05:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/10 21:32:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2008/10/10 20:57:01 | 00,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/10/09 22:02:38 | 00,307,238 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2008/10/08 17:17:38 | 00,000,839 | ---- | C] () -- C:\Users\ant\Desktop\EverQuest - Shortcut.lnk
[2008/10/07 13:57:49 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Ubisoft
[2008/10/07 13:57:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2008/10/07 13:57:19 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2008/10/07 13:57:19 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2008/10/07 13:57:16 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2008/10/07 13:57:11 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2008/10/07 13:57:11 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2008/10/07 13:57:08 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2008/10/07 13:57:03 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2008/10/07 13:57:03 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2008/10/07 13:57:00 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2008/10/07 13:56:58 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2008/10/07 13:56:53 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2008/10/07 13:56:53 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2008/10/07 13:56:49 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2008/10/07 13:56:48 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2008/10/07 13:56:47 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2008/10/07 13:56:45 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2008/10/07 13:56:43 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2008/10/07 13:56:43 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2008/10/07 13:56:40 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2008/10/07 13:56:38 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2008/10/07 13:56:37 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2008/10/07 13:56:35 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2008/10/07 13:56:35 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2008/10/07 13:56:33 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2008/10/07 12:21:30 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (7)
[2008/10/07 12:20:36 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (6)
[2008/10/06 13:55:36 | 00,000,000 | -HSD | C] -- C:\found.007
[2008/10/05 13:59:41 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Gearbox Software
[2008/10/05 13:20:15 | 00,000,843 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2008/10/05 13:19:58 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\WinRAR
[2008/10/05 13:15:33 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2008/10/05 13:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Winrar 3.80
[2008/10/05 12:50:42 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2008/10/05 12:00:39 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (5)
[2008/10/05 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\MailFrontier
[2008/10/05 00:35:37 | 42,332,9568 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/10/05 00:35:37 | 03,346,748 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2008/10/05 00:31:08 | 00,147,984 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2008/10/05 00:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/05 00:29:46 | 00,349,222 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2008/10/04 14:46:53 | 00,149,747 | ---- | C] () -- C:\AnalysisLog.sr0
[2008/10/04 13:58:52 | 00,001,169 | ---- | C] () -- C:\Windows\mozver.dat
[2008/10/04 13:52:03 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/04 12:54:50 | 00,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2008/10/04 12:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2008/10/02 12:43:02 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\uTorrent
[2008/09/28 22:10:58 | 00,004,183 | ---- | C] () -- C:\rollback.ini
[2008/09/28 19:45:44 | 00,000,000 | ---D | C] -- C:\ProgramData\MailFrontier
[2008/09/28 18:04:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2008/09/28 17:57:25 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2008/09/28 17:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2008/09/28 17:52:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2008/09/28 17:51:53 | 00,000,000 | ---D | C] -- C:\Users\ant\Desktop\New Folder (4)
[2008/09/28 17:51:46 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2008/09/28 17:50:46 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2008/09/28 17:46:25 | 00,000,760 | ---- | C] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2008/09/28 17:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\WinAce
[2008/09/28 15:52:37 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\AVGTOOLBAR
[2008/09/26 16:41:29 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/09/26 16:40:21 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk
[2008/09/26 16:40:20 | 00,069,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys
[2008/09/26 16:40:20 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2008/09/26 16:40:16 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2008/09/26 16:40:14 | 28,869,184 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2008/09/26 16:40:14 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2008/09/26 16:40:14 | 00,043,628 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2008/09/26 16:40:14 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2008/09/26 16:40:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2008/09/26 16:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/09/26 16:39:52 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2008/09/26 15:57:27 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Local\Comodo
[2008/09/26 15:33:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2008/09/26 15:30:59 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2008/09/26 13:07:55 | 00,837,488 | -HS- | C] () -- C:\Windows\System32\oUvCKRqr.ini2
[2008/09/25 15:27:21 | 00,000,858 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 13:20:34 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\Comodo
[2008/09/25 13:20:33 | 00,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/09/25 13:20:33 | 00,085,008 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/25 13:20:33 | 00,073,232 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/25 13:20:33 | 00,025,104 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/25 13:20:33 | 00,000,000 | ---D | C] -- C:\ProgramData\comodo
[2008/09/25 13:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2008/09/24 12:39:12 | 00,026,340 | ---- | C] () -- C:\Users\ant\AppData\Roaming\UserTile.png
[2008/09/24 12:39:12 | 00,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\PeerNetworking

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2008/10/23 17:10:08 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3FB71C29-888D-4BD3-999E-6FC875969E60}.job
[2008/10/23 16:22:41 | 00,349,222 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2008/10/23 16:21:33 | 00,000,458 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2008/10/23 16:21:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/23 16:21:04 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/23 16:21:04 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/23 16:20:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/23 16:20:17 | 13,405,96224 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/23 15:49:44 | 00,000,913 | ---- | M] () -- C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/23 15:48:50 | 00,000,733 | ---- | M] () -- C:\Users\ant\Desktop\NTREGOPT.lnk
[2008/10/23 15:48:43 | 00,000,714 | ---- | M] () -- C:\Users\ant\Desktop\ERUNT.lnk
[2008/10/23 12:41:06 | 00,004,183 | ---- | M] () -- C:\rollback.ini
[2008/10/22 22:30:59 | 01,795,959 | -H-- | M] () -- C:\Users\ant\AppData\Local\IconCache.db
[2008/10/21 16:00:13 | 42,332,9568 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/10/21 16:00:13 | 03,346,748 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2008/10/18 12:29:08 | 07,478,208 | ---- | M] (Microsoft Corporation) -- C:\Users\ant\Desktop\windows-kb890830-v2.3.exe
[2008/10/18 12:13:10 | 00,000,249 | ---- | M] () -- C:\Windows\win.ini
[2008/10/18 11:54:24 | 00,000,404 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2008/10/16 12:25:15 | 52,423,056 | ---- | M] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en(2).exe
[2008/10/16 03:19:00 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/10/15 22:24:37 | 00,043,628 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2008/10/15 22:24:34 | 28,869,184 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2008/10/15 19:29:04 | 52,423,056 | ---- | M] () -- C:\Users\ant\Desktop\zaSuiteSetup_80_059_000_en.exe
[2008/10/15 11:22:16 | 00,266,128 | ---- | M] () -- C:\Users\ant\Desktop\zapSetup_en.exe
[2008/10/14 18:01:43 | 00,001,356 | ---- | M] () -- C:\Users\ant\AppData\Local\d3d9caps.dat
[2008/10/14 15:10:59 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 15:09:28 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ant\Desktop\mbam-setup.exe
[2008/10/13 23:18:05 | 00,087,040 | ---- | M] () -- C:\Users\ant\Desktop\BCH_3023_Exam2_Oct_2006_Answer_Key.doc
[2008/10/13 23:17:52 | 00,029,184 | ---- | M] () -- C:\Users\ant\Desktop\Enzyme Kinetic_Derivation of M&M_Equation.doc
[2008/10/13 23:17:40 | 00,025,088 | ---- | M] () -- C:\Users\ant\Desktop\First_Order_Kinetics_Handout.doc
[2008/10/13 17:29:03 | 00,000,911 | ---- | M] () -- C:\Users\ant\Desktop\EverQuest - Shortcut (2).lnk
[2008/10/13 14:48:53 | 00,955,422 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/13 14:48:53 | 00,218,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/13 14:48:52 | 00,226,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/13 14:44:55 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/10/13 14:44:55 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/10/13 14:44:54 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/10/13 14:35:48 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2008/10/13 14:35:48 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2008/10/13 14:35:48 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2008/10/13 14:35:47 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2008/10/13 14:35:12 | 00,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2008/10/13 14:35:12 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2008/10/13 14:35:08 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/10/13 14:35:08 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2008/10/13 14:35:08 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2008/10/13 14:35:08 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/10/13 14:35:07 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2008/10/13 14:35:07 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2008/10/13 14:35:07 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2008/10/13 14:35:07 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2008/10/13 14:35:07 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2008/10/13 14:35:07 | 00,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2008/10/13 14:35:06 | 00,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2008/10/13 14:35:06 | 00,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2008/10/13 14:35:05 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2008/10/13 14:35:04 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2008/10/13 14:35:01 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2008/10/13 14:35:01 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/10/13 14:35:01 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2008/10/13 14:35:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/10/13 14:35:01 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2008/10/13 14:35:00 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/10/13 14:35:00 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2008/10/13 14:35:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/10/13 14:32:31 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/10/13 14:32:27 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/10/13 14:32:26 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/10/13 14:30:48 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/10/13 14:30:30 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2008/10/13 14:30:26 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/10/13 14:30:23 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/10/13 14:30:21 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2008/10/13 14:30:20 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2008/10/13 14:30:19 | 01,655,289 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2008/10/13 14:30:18 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2008/10/13 14:30:18 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2008/10/13 14:30:18 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2008/10/13 14:30:17 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2008/10/13 14:30:16 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2008/10/13 14:27:35 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/10/13 14:26:25 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/10/13 14:26:06 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/10/13 14:26:06 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/10/13 14:25:23 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/10/13 14:23:57 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2008/10/13 14:23:14 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/10/13 14:22:41 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/10/13 14:22:39 | 10,617,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/10/13 14:22:37 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/10/13 14:22:36 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/10/13 14:22:36 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/10/13 14:22:35 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/10/13 14:21:39 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2008/10/13 14:21:23 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2008/10/13 14:21:19 | 00,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/10/13 14:21:19 | 00,015,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2008/10/13 14:21:18 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/10/13 14:21:17 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/10/13 14:19:11 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/10/13 14:19:10 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/10/13 14:19:09 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/10/13 14:19:08 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/10/13 14:19:07 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/10/13 14:18:55 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/10/13 14:18:51 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/10/13 14:18:06 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/10/13 14:17:54 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/10/13 14:17:44 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/10/13 14:17:42 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/10/13 14:17:40 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/10/13 14:17:38 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/10/13 14:17:37 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/10/13 14:17:36 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/10/13 14:17:33 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/10/13 14:17:23 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/10/13 14:17:14 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/10/13 14:16:05 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/10/13 14:16:01 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/10/13 14:15:55 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/10/13 14:15:54 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/10/13 14:15:53 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/10/13 14:15:52 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/10/13 14:15:50 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/10/13 14:15:49 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/10/13 14:15:48 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/10/13 14:15:48 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/10/13 14:15:44 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/10/13 14:15:41 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/10/13 14:15:38 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/10/13 14:15:35 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/10/13 14:15:32 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/10/13 14:15:31 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/10/13 14:15:28 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/10/13 14:15:26 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/10/13 14:15:23 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/10/13 14:15:19 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/10/13 14:15:16 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/10/13 14:15:14 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/10/13 14:15:12 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/10/13 14:15:11 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/10/13 14:15:10 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/10/13 14:15:09 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/10/13 14:15:08 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/10/13 14:15:08 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/10/13 14:15:07 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/10/13 14:15:07 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/10/13 14:15:07 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/10/13 14:15:06 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/10/13 14:15:06 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/10/13 14:15:05 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/10/13 14:15:05 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/10/13 14:15:05 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/10/13 14:15:04 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/10/13 14:15:04 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/10/13 14:15:03 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/10/13 14:15:01 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/10/13 14:15:00 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/10/13 14:14:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/10/13 14:14:58 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/10/13 14:14:57 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/10/13 14:14:56 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/10/13 14:14:54 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/10/13 14:14:53 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/10/13 14:14:51 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/10/13 14:14:46 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/10/13 14:14:46 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/10/13 14:14:45 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/10/13 14:14:44 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/10/13 14:14:43 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/10/13 14:14:42 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/10/13 14:14:41 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/10/13 14:14:39 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/10/13 14:14:39 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/10/13 14:14:36 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/10/13 14:00:45 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/10/13 14:00:44 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/10/13 14:00:44 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/10/13 14:00:42 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/10/13 14:00:42 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/10/13 14:00:42 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/10/13 14:00:42 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/10/13 14:00:40 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/13 14:00:40 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/10/13 13:59:15 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/10/13 13:59:14 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/10/13 13:59:14 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/10/13 13:59:04 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/10/13 13:59:04 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/10/13 13:59:04 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/10/13 13:59:03 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/10/13 13:59:00 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/10/13 13:58:57 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/10/13 13:58:57 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/10/13 13:58:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/10/13 13:58:56 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/10/13 13:58:56 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/10/13 13:58:56 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/10/13 13:58:55 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/10/13 13:58:53 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/10/13 13:58:02 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/10/13 13:58:02 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/10/13 13:57:37 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2008/10/13 13:54:15 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/10/13 13:54:14 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/10/13 13:53:56 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/10/13 13:45:45 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2008/10/12 21:23:51 | 00,056,622 | ---- | M] () -- C:\VETlog.dmp
[2008/10/12 17:30:34 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008/10/12 16:19:26 | 00,001,874 | ---- | M] () -- C:\Users\ant\Desktop\HijackThis.lnk
[2008/10/12 14:57:44 | 00,001,055 | ---- | M] () -- C:\Users\ant\Desktop\Spybot - Search & Destroy.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/10/12 13:11:38 | 00,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/10/10 22:16:45 | 00,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/10/10 20:15:27 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2008/10/09 22:02:38 | 00,307,238 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2008/10/08 17:17:38 | 00,000,839 | ---- | M] () -- C:\Users\ant\Desktop\EverQuest - Shortcut.lnk
[2008/10/07 12:19:42 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/05 13:20:15 | 00,000,843 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2008/10/04 14:47:54 | 00,149,747 | ---- | M] () -- C:\AnalysisLog.sr0
[2008/10/04 13:58:58 | 00,001,169 | ---- | M] () -- C:\Windows\mozver.dat
[2008/10/04 13:52:03 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2008/10/04 12:54:50 | 00,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2008/09/28 17:46:25 | 00,000,760 | ---- | M] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2008/09/26 16:40:21 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk
[2008/09/26 16:40:20 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys
[2008/09/26 16:40:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2008/09/26 16:40:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2008/09/26 16:40:14 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2008/09/26 16:40:14 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2008/09/26 13:10:57 | 00,837,488 | -HS- | M] () -- C:\Windows\System32\oUvCKRqr.ini2
[2008/09/25 15:27:21 | 00,000,858 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/25 13:20:29 | 00,143,104 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2008/09/25 13:20:29 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/25 13:20:29 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/25 13:20:29 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/24 12:39:12 | 00,026,340 | ---- | M] () -- C:\Users\ant\AppData\Roaming\UserTile.png
< End of report >

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 23 October 2008 - 04:28 PM

Hello ant2009.

Looks good :thumbsup: . Just had missed a file to delete.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    for %%a in (
    "C:\Windows\System32\oUvCKRqr.ini2"
    ) do (
    IF exist "%%~a" (
    attrib -s -r -h "%%~a"
    del /q /f "%%~a"
    if not exist "%%~a" (
    ECHO %%~a -Deleted.>>Report.txt
    ) ELSE (
    ECHO %%~a -Failed to delete.>>Report.txt
    )
    ) ELSE (
    ECHO %%~a -Not found.>>Report.txt
    )
    )
    start notepad report
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Right click the icon and select Run as Administrator. If it does not say deleted, then post back to me.
-----------

Download and Run OTCleanIt
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Delete the file after use.

Remove ERUNT Backups
You should remove all the backups that ERUNT has made. Those backups may contain old registry keys, possibly those created by malware.

Delete everything under:
C:\WINDOWS\erdnt\

ERUNT will automatically remove backups older than 30 days, so there is no need to clear that folder manually in the future.

It is a good idea to have ERUNT installed, even when you are not infected. Tasks like installing programs and changing settings, which involve working with the registry, can cause problems that can be quickly undone by reverting to a backup. However, if you with to uninstall the program, do so using Add/Remove Programs.

Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restor.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#15 ant2009

ant2009
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 23 October 2008 - 04:48 PM

thanks alot for the help btw. the only questions i can think of is....where do these
viruses and things store what you type. Is there a specific folder. And if someone did have keylogger of some type on my computer would all those programs you ran be able to find it.
also if i run more scans at a later time and find something is ok to post back here or should i start a new topic ...thanks again




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users