infection! not sure with what


  • This topic is locked
16 replies to this topic

#1 slamdeal

Posted 09 December 2008 - 05:50 PM

I'm not sure what site I was on yesterday, but ESET gave a warning that it was blocking a site and some file because of some malicious stuff. I thought it took care of it, until later I noticed I had winmore securite (or something like that).

I tried to run malware, but it won't let it, nor any other online scanners even in safe mode. Kaspersky found one virus, and it removed it, but the infection still exists.

I ran RSIT, OTView, and GMER.

Attached are the logs. - OT VIEW pasted here, exceeded attachment space

Thanks so much!!!

PS> I have all network traffic disabled by ESET, but I got a message that some address was blocked (64.69.33.135:80/... .... .... I don't have the last part)


OTVIEW:

OTViewIt logfile created on: 12/9/2008 2:24:20 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 651.70 Mb Available Physical Memory | 63.74% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 32.54 Gb Free Space | 28.42% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 6.85 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 978.72 Mb Total Space | 945.77 Mb Free Space | 96.63% Space Free | Partition Type: FAT

Computer Name: DRAGOS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/07/01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2008/12/08 22:09:34 | 00,075,817 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\073A1E80.exe
[2007/08/03 12:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2007/08/03 12:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/12/09 12:01:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Stopped])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/22 16:10:24 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 13:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/08/11 14:48:08 | 00,087,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:50 | 00,158,720 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2006/08/11 14:48:12 | 00,536,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL [On_Demand | Stopped])
[2005/11/10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 14:48:28 | 00,160,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cteapsfx.dll -- (CTEAPSFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,269,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:50 | 00,115,200 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
[2006/08/11 14:48:06 | 00,317,952 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
[2006/08/11 14:48:42 | 01,170,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.dll -- (CTEXFIFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:52 | 00,061,952 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 14:48:32 | 00,548,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2006/08/11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/07/01 09:04:34 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2008/07/01 09:04:36 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2008/07/01 09:04:38 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2001/08/17 04:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/08/11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/12/09 12:15:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2008/03/20 11:14:16 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
[2008/03/20 10:03:40 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/05/03 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2008/05/03 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 10:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie_rsearch.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe (ESPN Enterprises, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoJITSetup"=1
"NoWebJITSetup"=1

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRemoteRecursiveEvents"=1
"MemCheckBoxInRunDlg"=1
"NoCDBurning"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0
"VerboseStatus"=1
"NoInternetOpenWith"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1
"NoRecentDocsMenu"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/07/29 20:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{6C269571-C6D7-4818-BCA4-32A035E8C884}: http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab -- Creative Software AutoUpdate
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E...04/clearadj.cab -- CTAdjust Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15106/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{636B8AE1-DC71-41F5-8EAB-F239A7EA919E} (Servers: | Description: VIA PCI 10/100Mb Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>File not found --
>[2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/09 14:23:39 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/09 14:23:30 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/09 12:23:09 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2008/12/09 12:16:07 | 00,096,559 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/09 12:16:07 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/09 12:15:30 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/12/09 12:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/12/09 12:15:09 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/09 12:14:15 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/09 12:14:15 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2008/12/09 12:14:12 | 33,138,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\kav8.0.0.454en.exe
[2008/12/09 12:14:12 | 00,402,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2008/12/09 12:02:48 | 10,721,56672 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/09 11:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/09 11:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/08 22:09:34 | 00,075,817 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\073A1E80.exe
[2008/12/08 18:13:18 | 00,000,499 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2008/12/08 18:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2008/12/08 17:58:51 | 00,015,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mloa(Letter).PDF
[2008/12/08 16:40:13 | 01,966,586 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Oh You Mad Cuz I'm Stylin On You_.AVI
[2008/12/08 14:42:27 | 00,433,559 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\herro.MP3
[2008/12/08 12:24:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\incredibad
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/12/06 11:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\ESPN
[2008/12/06 00:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2008/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater5
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/05 10:08:07 | 00,000,000 | ---D | C] -- C:\Envision
[2008/12/05 10:07:50 | 00,000,000 | ---D | C] -- C:\CLOSED
[2008/12/04 19:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008/12/04 19:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/12/04 18:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2008/12/04 16:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SorensonMedia
[2008/12/04 15:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\vixy.net
[2008/12/03 20:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/03 19:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2008/12/03 19:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2008/12/03 19:28:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2008/12/03 19:21:24 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/12/03 19:21:24 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2008/12/03 19:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/03 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/03 19:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/12/03 19:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2008/12/03 14:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/12/03 13:17:14 | 00,001,728 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BPFTP
[2008/12/03 09:25:13 | 00,001,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:25 | 00,135,680 | ---- | C] (Fannie Mae) -- C:\WINDOWS\System32\escli32.dll
[2008/12/03 09:10:25 | 00,091,136 | ---- | C] (Sax Software Corp.) -- C:\WINDOWS\System32\saxcom32.dll
[2008/12/03 09:10:25 | 00,045,568 | ---- | C] (Sax Software) -- C:\WINDOWS\System32\saxxfr32.dll
[2008/12/03 09:10:25 | 00,011,691 | ---- | C] () -- C:\WINDOWS\System32\MODEM.LST
[2008/12/03 09:10:25 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\ini.bat
[2008/12/03 09:10:24 | 01,175,552 | ---- | C] (Tidestone Technologies, Inc.) -- C:\WINDOWS\System32\TTF16.ocx
[2008/12/03 09:10:24 | 00,448,192 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x30.ocx
[2008/12/03 09:10:23 | 00,458,752 | ---- | C] (Office OCX - Office Viewer ActiveX Control) -- C:\WINDOWS\System32\OA_FullVersion.ocx
[2008/12/03 09:10:23 | 00,172,032 | ---- | C] (Software Artisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFile.dll
[2008/12/03 09:10:22 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/12/03 09:10:22 | 00,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2008/12/03 09:10:22 | 00,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2008/12/03 09:10:22 | 00,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2008/12/03 09:10:22 | 00,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2008/12/03 09:10:21 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2008/12/03 09:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2008/12/03 09:09:41 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\acXMLParser.dll
[2008/12/03 09:09:39 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2008/12/03 09:08:45 | 00,000,000 | ---D | C] -- C:\PNTDATA
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\WINPOINT
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\PNTTEMPL
[2008/12/03 09:08:41 | 00,000,838 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2008/12/03 09:07:14 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/03 09:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2008/12/03 09:02:17 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2008/12/03 09:01:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/12/03 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/12/03 08:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\BulletProof FTP Client v2.6
[2008/12/02 20:06:58 | 00,002,561 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 20:06:54 | 00,002,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/02 20:05:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Movies
[2008/12/02 19:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2008/12/02 19:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/12/02 19:56:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2008/12/02 19:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/02 19:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/12/02 19:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/12/02 19:20:04 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/02 19:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/02 19:20:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2008/12/02 19:01:15 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2008/12/02 18:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/12/02 18:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2008/12/02 18:50:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2008/12/02 18:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2008/12/02 18:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/02 18:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/02 18:48:46 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/02 18:26:22 | 00,000,524 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/02 18:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/12/02 18:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2008/12/02 18:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/12/02 18:09:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/02 18:09:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/02 18:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/02 18:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/02 18:06:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\!!Downloads!!
[2008/12/02 18:00:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sorenson Media
[2008/12/02 17:51:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\iTunes Music
[2008/12/02 17:43:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\WORK
[2008/12/02 17:22:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Music
[2008/12/02 17:14:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\old
[2008/12/02 17:09:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/12/02 17:09:15 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/02 17:07:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/02 17:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/12/02 16:52:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/02 16:52:03 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/02 16:52:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/02 16:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/02 16:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/12/02 16:23:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/02 16:15:02 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/02 16:09:37 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2008/12/02 16:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2008/12/02 16:09:29 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/02 16:08:44 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/12/02 16:08:44 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/12/02 16:08:44 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/12/02 16:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/12/02 16:00:58 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/12/02 15:53:07 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2008/12/02 15:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2008/12/02 15:50:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008/12/02 15:46:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/12/02 15:42:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2008/12/02 15:37:18 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | C] (Portions Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Creative
[2008/12/02 15:37:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\data
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/12/02 15:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2008/12/02 15:28:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/02 15:20:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/02 15:19:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/02 15:14:15 | 00,070,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 15:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/02 15:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2008/12/02 15:03:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/02 15:03:37 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/02 15:03:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/12/02 15:03:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/02 15:03:36 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/02 15:03:35 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/02 15:03:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/12/02 15:03:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/12/02 15:03:27 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/02 15:03:23 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/02 15:03:23 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/02 15:03:14 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/02 15:03:11 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/02 15:02:49 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/12/02 15:02:49 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2008/12/02 15:02:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/12/02 15:02:44 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/02 15:02:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/02 15:02:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/02 15:02:42 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/12/02 15:02:40 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/12/02 15:02:36 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/02 15:02:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/02 15:02:33 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/02 15:02:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/02 15:02:33 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/02 15:02:31 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/02 15:02:30 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/02 15:02:30 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/02 14:58:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/12/02 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/12/02 14:54:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/12/02 14:50:52 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/02 14:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/02 14:46:14 | 04,316,176 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/02 14:45:18 | 19,148,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/02 14:45:04 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/02 14:45:04 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/12/02 14:45:04 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/02 14:45:04 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/02 14:45:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/02 06:44:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/02 06:44:50 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/02 06:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/12/02 06:44:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2008/12/02 06:43:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/02 06:42:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/02 06:42:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/02 06:41:58 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/12/02 06:41:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/02 06:41:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/02 06:41:28 | 00,062,633 | ---- | C] () -- C:\WINDOWS\prio197uninstall.exe
[2008/12/02 06:41:28 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:41:05 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/12/02 06:41:05 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/12/02 06:41:05 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/12/02 06:41:05 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/12/02 06:41:05 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/12/02 06:41:05 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/02 06:41:05 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2008/12/02 06:41:05 | 00,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2008/12/02 06:41:05 | 00,013,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\LAYOUT.DLL
[2008/12/02 06:41:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sleep.exe
[2008/12/02 06:41:04 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/12/02 06:41:04 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/02 06:41:04 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/02 06:41:04 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/12/02 06:41:04 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/02 06:41:04 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/12/02 06:41:04 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/12/02 06:41:04 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/12/02 06:41:04 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2008/12/02 06:41:04 | 00,155,720 | ---- | C] () -- C:\WINDOWS\System32\CDR.exe
[2008/12/02 06:41:04 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2008/12/02 06:41:04 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2008/12/02 06:41:04 | 00,005,405 | ---- | C] () -- C:\WINDOWS\System32\CHNGTEXT.EXE
[2008/12/02 06:41:04 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\CHOICE.COM
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/02 06:41:02 | 00,000,000 | ---D | C] -- C:\eXPerience
[2008/12/02 06:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/12/02 06:40:15 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 06:40:15 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/12/02 06:40:11 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2008/12/02 06:40:07 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:40:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/02 06:40:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/12/02 06:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2008/12/02 06:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/02 06:39:51 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/02 06:39:50 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/12/02 06:39:44 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:49 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/02 06:38:20 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:38:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:38:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/02 06:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2008/12/02 06:37:08 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/02 06:37:08 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/02 06:36:57 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/12/02 06:36:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2008/12/02 06:36:32 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/02 06:36:24 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/02 06:36:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/02 06:36:23 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/02 06:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/12/02 06:36:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/02 06:36:20 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/02 06:36:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/02 06:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2008/12/02 06:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/02 06:36:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/02 06:36:13 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/12/02 06:36:13 | 00,203,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/02 06:36:13 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/12/02 06:36:13 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/12/02 06:36:12 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/12/02 06:36:12 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/02 06:36:12 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/12/02 06:36:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/12/02 06:36:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/02 06:36:11 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/12/02 06:36:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/02 06:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2008/12/02 06:35:52 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/12/02 06:35:52 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/12/02 06:35:50 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2008/12/02 06:35:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2008/12/02 06:35:49 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/12/02 06:35:49 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/12/02 06:35:49 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/12/02 06:35:49 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/12/02 06:35:49 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/02 06:35:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2008/12/02 06:35:48 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/02 06:35:48 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/02 06:35:48 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/02 06:35:48 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/02 06:35:48 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/02 06:35:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/02 06:35:45 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/02 06:35:45 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/02 06:35:45 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/02 06:35:45 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/12/02 06:35:44 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/02 06:35:43 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/02 06:35:43 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/02 06:35:43 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/02 06:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/12/02 06:35:42 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/02 06:35:42 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/02 06:35:42 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/02 06:35:42 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/02 06:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/12/02 06:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/12/02 06:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/02 06:35:05 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/12/02 06:34:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:34:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/02 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/02 06:34:39 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/02 06:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/12/02 06:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/12/02 06:34:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/02 06:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2008/12/02 06:34:20 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/12/02 06:34:20 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/12/02 06:34:20 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/12/02 06:34:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/12/02 06:34:19 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/02 06:34:15 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/02 06:34:15 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/02 06:34:15 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/02 06:34:15 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/02 06:34:15 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/02 06:34:14 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/02 06:34:14 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/02 06:34:14 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/02 06:34:14 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/02 06:34:14 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/02 06:34:14 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/02 06:34:13 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/02 06:34:13 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/02 06:34:13 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/02 06:34:13 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/02 06:34:12 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/02 06:34:12 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/02 06:34:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/02 06:34:12 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/12/02 06:34:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/12/02 06:34:12 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/02 06:34:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/12/02 06:34:12 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/12/02 06:34:12 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/12/02 06:34:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/12/02 06:34:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/02 06:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/12/02 06:34:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/12/02 06:34:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/12/02 06:34:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/12/02 06:34:11 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/02 06:34:11 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/12/02 06:34:05 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/12/02 06:33:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2008/12/02 06:33:55 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/02 06:33:55 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/12/02 06:33:55 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/12/02 06:33:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/02 06:33:54 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/02 06:33:54 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/02 06:33:54 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/02 06:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/12/02 06:33:53 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/02 06:33:53 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/12/02 06:33:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/02 06:33:53 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/12/02 06:33:53 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/02 06:33:53 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/12/02 06:33:53 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/12/02 06:33:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/02 06:33:52 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/02 06:33:52 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/12/02 06:33:52 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/12/02 06:33:52 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/12/02 06:33:52 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/12/02 06:33:52 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/12/02 06:33:52 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/12/02 06:33:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/12/02 06:33:51 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/02 06:33:51 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/02 06:33:51 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/12/02 06:33:51 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/12/02 06:33:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/02 06:33:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/12/02 06:33:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/12/02 06:33:50 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/12/02 06:33:50 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/02 06:33:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/12/02 06:33:50 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/02 06:33:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/12/02 06:33:49 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/12/02 06:33:49 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/02 06:33:49 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/02 06:33:49 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/02 06:33:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/02 06:33:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/02 06:33:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/12/02 06:33:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/02 06:33:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/02 06:33:48 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/02 06:33:48 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/02 06:33:48 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/02 06:33:48 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/02 06:33:48 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/02 06:33:48 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/02 06:33:48 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/02 06:33:47 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/02 06:33:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/12/02 06:33:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/12/02 06:33:42 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/02 06:33:42 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/02 06:33:38 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/12/02 06:33:38 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/12/02 06:33:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/02 06:32:43 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/12/02 06:31:58 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/12/02 06:31:12 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/12/02 06:31:00 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\drivers\ltmdmnt.sys
[2008/12/02 06:29:18 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/02 06:29:13 | 00,472,824 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/02 06:29:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/02 06:29:12 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/12/02 06:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/12/02 06:29:08 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/02 06:29:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/02 06:29:01 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/02 06:29:01 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/02 06:28:58 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/02 06:28:57 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/02 06:28:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/12/02 06:28:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/12/02 06:28:51 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2008/12/02 06:28:51 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2008/12/02 06:28:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2008/12/02 06:28:51 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2008/12/02 06:28:51 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/12/02 06:28:51 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2008/12/02 06:28:51 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2008/12/02 06:28:51 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/12/02 06:28:51 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/12/02 06:28:51 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/12/02 06:28:51 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/12/02 06:28:50 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2008/12/02 06:28:50 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2008/12/02 06:28:50 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/12/02 06:28:50 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2008/12/02 06:28:50 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2008/12/02 06:28:50 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2008/12/02 06:28:50 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2008/12/02 06:28:50 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/12/02 06:28:50 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/12/02 06:28:50 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2008/12/02 06:28:49 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/12/02 06:28:49 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2008/12/02 06:28:49 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/12/02 06:28:49 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2008/12/02 06:28:49 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/02 06:28:48 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/12/02 06:28:48 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/12/02 06:28:48 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2008/12/02 06:28:38 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/12/02 06:28:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/02 06:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/02 06:27:01 | 01,556,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/02 06:27:01 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/02 06:26:22 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2008/12/02 06:26:19 | 00,000,950 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:23:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/02 06:23:00 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/02 06:23:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/09 12:23:09 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2008/12/09 12:18:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/09 12:18:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/09 12:18:31 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/09 12:17:32 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/09 12:17:32 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/09 12:17:32 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/09 12:17:32 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/09 12:17:32 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/09 12:17:32 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/09 12:17:32 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/09 12:17:20 | 04,316,176 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/09 12:17:19 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/09 12:17:19 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/09 12:16:07 | 00,096,559 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/09 12:16:07 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/09 12:15:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/09 12:01:20 | 00,402,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2008/12/09 12:01:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/09 11:59:58 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2008/12/09 11:56:20 | 33,138,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\kav8.0.0.454en.exe
[2008/12/09 11:05:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/09 11:04:13 | 00,000,838 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2008/12/09 04:10:00 | 00,000,524 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/08 22:09:34 | 00,075,817 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\073A1E80.exe
[2008/12/08 18:14:05 | 00,015,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mloa(Letter).PDF
[2008/12/08 18:13:29 | 00,000,499 | ---- | M] () -- C:\WINDOWS\apdfpr.ini
[2008/12/08 16:40:15 | 01,966,586 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Oh You Mad Cuz I'm Stylin On You_.AVI
[2008/12/08 14:42:28 | 00,433,559 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\herro.MP3
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/04 21:43:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/04 18:38:16 | 00,472,824 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 18:38:16 | 00,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 18:38:16 | 00,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 09:33:12 | 01,556,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/03 20:07:45 | 00,070,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:18:53 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:27:17 | 00,001,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:21 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:08:12 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/03 09:07:14 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/02 20:06:58 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 19:02:23 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/02 15:37:18 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | M] (Portions Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:18:09 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/02 14:58:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:54:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/02 14:47:06 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 14:47:04 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:44:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:37 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:44:37 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:41:28 | 00,062,633 | ---- | M] () -- C:\WINDOWS\prio197uninstall.exe
[2008/12/02 06:41:28 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:39:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:54 | 00,000,950 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:20 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:35:05 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:53 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:32:51 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/02 06:29:18 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:08 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
< End of report >

Edited by slamdeal, 10 December 2008 - 02:22 PM.




#2 slamdeal

slamdeal
  • Topic Starter

  • Members
  • 17 posts

Posted 15 December 2008 - 02:40 PM

This is the warning that keeps popping up from ESET. I have blocked all network traffic.

Posted Image

Edited by slamdeal, 15 December 2008 - 02:41 PM.


#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 16 December 2008 - 07:29 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • New GMER log, since you already ran it.
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 slamdeal

slamdeal
  • Topic Starter

  • Members
  • 17 posts

Posted 17 December 2008 - 01:30 PM

EB,

Thanks a lot for the help, I really appreciate it.

While I was waiting for somebody to answer (I understand how swamped you guys must be), I ran SpybotSD and it found win32.TDSS.rtk. It tried to clean it, but every time I would run it again, it would seem to still find it. I then did some more research and ran SDFIX and it seems like that may have taken care of it, although I am not 100% sure (all the symptoms seem to be gone).

I tried to run the online Kaspersky AV, but while updating the databases I kept getting the 'blue screen of death.' It seemed to be in relation to an error with klif.sys. So I ran the desktop version of the AV and I'm attaching that log, together with the OTViewIt log and the GMER log. (I have attached the Extras log, OTViewIt log is too big and I'm just pasting it here).

Thanks once again for everything you do.


OTViewIt logfile created on: 12/16/2008 7:57:17 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 633.09 Mb Available Physical Memory | 61.92% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 38.60 Gb Free Space | 33.71% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 6.85 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGOS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/07/01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2007/08/03 12:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/08/03 12:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2007/07/11 12:07:56 | 15,442,496 | ---- | M] (Calyx Software) -- C:\WINPOINT\winpoint.exe
[2007/08/13 10:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/04/13 16:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/16 19:55:44 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Stopped])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 13:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/08/11 14:48:08 | 00,087,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:50 | 00,158,720 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2006/08/11 14:48:12 | 00,536,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL [On_Demand | Stopped])
[2005/11/10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 14:48:28 | 00,160,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cteapsfx.dll -- (CTEAPSFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,269,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:50 | 00,115,200 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
[2006/08/11 14:48:06 | 00,317,952 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
[2006/08/11 14:48:42 | 01,170,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.dll -- (CTEXFIFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:52 | 00,061,952 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 14:48:32 | 00,548,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2006/08/11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/07/01 09:04:34 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2008/07/01 09:04:36 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2008/07/01 09:04:38 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2001/08/17 04:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/09 14:28:57 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2006/08/11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/12/09 12:15:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2008/03/20 11:14:16 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2008/03/20 10:03:40 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/05/03 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2008/05/03 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 10:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie_rsearch.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (289869 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9986 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoJITSetup"=1
"NoWebJITSetup"=1

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRemoteRecursiveEvents"=1
"MemCheckBoxInRunDlg"=1
"NoCDBurning"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0
"VerboseStatus"=1
"NoInternetOpenWith"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoRecentDocsMenu"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1
"NoRecentDocsMenu"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1
"NoRecentDocsMenu"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1
"NoRecentDocsMenu"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1
"NoRecentDocsMenu"=1

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoRecentDocsMenu"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/07/29 20:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-1645522239-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{6C269571-C6D7-4818-BCA4-32A035E8C884}: http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab -- Creative Software AutoUpdate
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E...04/clearadj.cab -- CTAdjust Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15106/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{636B8AE1-DC71-41F5-8EAB-F239A7EA919E} (Servers: | Description: VIA PCI 10/100Mb Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>File not found --
>[2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/16 19:55:37 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/16 16:10:36 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.5.exe
[2008/12/16 16:03:10 | 00,000,686 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081216-160310.backup
[2008/12/16 15:00:12 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 12:47:10 | 00,050,570 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cold.jpg
[2008/12/16 11:41:21 | 00,604,154 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How_can_she_slap.gif
[2008/12/16 11:39:19 | 00,099,220 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\e22b283de036.gif
[2008/12/16 11:23:09 | 00,044,351 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ymcs.jpg
[2008/12/16 11:20:59 | 00,195,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2008-12-16-babeam.jpg
[2008/12/16 10:05:42 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/12/16 10:05:42 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/16 10:05:41 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/16 10:05:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/12/15 14:52:15 | 06,286,368 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/15 14:52:15 | 00,311,328 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/12/15 14:52:15 | 00,051,240 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/15 14:52:15 | 00,002,144 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/12/15 14:52:14 | 10,721,56672 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/15 14:42:47 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/15 14:39:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/12/15 14:37:59 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/15 14:37:56 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2008/12/15 13:46:39 | 00,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/15 11:38:10 | 00,008,145 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\block.JPG
[2008/12/11 15:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/11 15:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/10 11:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\leads
[2008/12/09 14:28:57 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/09 14:28:57 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/09 14:28:57 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/09 14:28:57 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/09 14:23:30 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/09 12:16:07 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/09 12:16:07 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/09 12:15:30 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/12/09 12:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/12/09 12:15:09 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/09 11:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/09 11:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/08 18:13:18 | 00,000,499 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2008/12/08 18:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/12/06 11:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\ESPN
[2008/12/06 00:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2008/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater5
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/05 10:08:07 | 00,000,000 | ---D | C] -- C:\Envision
[2008/12/05 10:07:50 | 00,000,000 | ---D | C] -- C:\CLOSED
[2008/12/04 19:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008/12/04 19:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/12/04 18:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2008/12/04 16:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SorensonMedia
[2008/12/04 15:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\vixy.net
[2008/12/03 20:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/03 19:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2008/12/03 19:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2008/12/03 19:28:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2008/12/03 19:21:24 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/12/03 19:21:24 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2008/12/03 19:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/03 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/03 19:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/12/03 19:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2008/12/03 14:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/12/03 13:17:14 | 00,001,728 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BPFTP
[2008/12/03 09:25:13 | 00,001,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:25 | 00,135,680 | ---- | C] (Fannie Mae) -- C:\WINDOWS\System32\escli32.dll
[2008/12/03 09:10:25 | 00,091,136 | ---- | C] (Sax Software Corp.) -- C:\WINDOWS\System32\saxcom32.dll
[2008/12/03 09:10:25 | 00,045,568 | ---- | C] (Sax Software) -- C:\WINDOWS\System32\saxxfr32.dll
[2008/12/03 09:10:25 | 00,011,691 | ---- | C] () -- C:\WINDOWS\System32\MODEM.LST
[2008/12/03 09:10:25 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\ini.bat
[2008/12/03 09:10:24 | 01,175,552 | ---- | C] (Tidestone Technologies, Inc.) -- C:\WINDOWS\System32\TTF16.ocx
[2008/12/03 09:10:24 | 00,448,192 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x30.ocx
[2008/12/03 09:10:23 | 00,458,752 | ---- | C] (Office OCX - Office Viewer ActiveX Control) -- C:\WINDOWS\System32\OA_FullVersion.ocx
[2008/12/03 09:10:23 | 00,172,032 | ---- | C] (Software Artisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFile.dll
[2008/12/03 09:10:22 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/12/03 09:10:22 | 00,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2008/12/03 09:10:22 | 00,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2008/12/03 09:10:22 | 00,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2008/12/03 09:10:22 | 00,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2008/12/03 09:10:21 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2008/12/03 09:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2008/12/03 09:09:41 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\acXMLParser.dll
[2008/12/03 09:09:39 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2008/12/03 09:08:45 | 00,000,000 | ---D | C] -- C:\PNTDATA
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\WINPOINT
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\PNTTEMPL
[2008/12/03 09:08:41 | 00,001,020 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2008/12/03 09:07:14 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/03 09:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2008/12/03 09:02:17 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2008/12/03 09:01:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/12/03 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/12/03 08:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\BulletProof FTP Client v2.6
[2008/12/02 20:06:58 | 00,002,561 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 20:06:54 | 00,002,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/02 20:05:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Movies
[2008/12/02 19:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2008/12/02 19:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/12/02 19:56:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2008/12/02 19:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/02 19:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/12/02 19:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/12/02 19:20:04 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/02 19:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/02 19:20:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2008/12/02 19:01:15 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2008/12/02 18:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/12/02 18:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2008/12/02 18:50:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2008/12/02 18:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2008/12/02 18:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/02 18:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/02 18:48:46 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/02 18:26:22 | 00,000,524 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/02 18:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/12/02 18:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2008/12/02 18:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/12/02 18:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/02 18:06:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\!!Downloads!!
[2008/12/02 18:00:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sorenson Media
[2008/12/02 17:51:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\iTunes Music
[2008/12/02 17:43:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\WORK
[2008/12/02 17:22:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Music
[2008/12/02 17:14:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\old
[2008/12/02 17:09:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/12/02 17:09:15 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/02 17:07:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/02 17:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/12/02 16:52:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/02 16:52:03 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/02 16:52:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/02 16:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/02 16:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/12/02 16:23:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/02 16:15:02 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/02 16:09:37 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2008/12/02 16:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2008/12/02 16:09:29 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/02 16:08:44 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/12/02 16:08:44 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/12/02 16:08:44 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/12/02 16:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/12/02 16:00:58 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/12/02 15:53:07 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2008/12/02 15:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2008/12/02 15:50:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008/12/02 15:46:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/12/02 15:42:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2008/12/02 15:37:18 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | C] (Portions Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Creative
[2008/12/02 15:37:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\data
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/12/02 15:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2008/12/02 15:28:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/02 15:20:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/02 15:19:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/02 15:14:15 | 00,070,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 15:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/02 15:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2008/12/02 15:03:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/02 15:03:37 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/02 15:03:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/12/02 15:03:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/02 15:03:36 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/02 15:03:35 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/02 15:03:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/12/02 15:03:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/12/02 15:03:27 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/02 15:03:23 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/02 15:03:23 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/02 15:03:14 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/02 15:03:11 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/02 15:02:49 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/12/02 15:02:49 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2008/12/02 15:02:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/12/02 15:02:44 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/02 15:02:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/02 15:02:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/02 15:02:42 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/12/02 15:02:40 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/12/02 15:02:36 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/02 15:02:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/02 15:02:33 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/02 15:02:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/02 15:02:33 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/02 15:02:31 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/02 15:02:30 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/02 15:02:30 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/02 14:58:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/12/02 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/12/02 14:54:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/12/02 14:50:52 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/02 14:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/02 14:46:14 | 04,849,686 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/02 14:45:18 | 19,148,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/02 14:45:04 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/02 14:45:04 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/12/02 14:45:04 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/02 14:45:04 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/02 14:45:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/02 06:44:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/02 06:44:50 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/02 06:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/12/02 06:44:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2008/12/02 06:43:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/02 06:42:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/02 06:42:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/02 06:41:58 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/12/02 06:41:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/02 06:41:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/02 06:41:28 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:41:05 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/12/02 06:41:05 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/12/02 06:41:05 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/12/02 06:41:05 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/12/02 06:41:05 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/12/02 06:41:05 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/02 06:41:05 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2008/12/02 06:41:05 | 00,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2008/12/02 06:41:05 | 00,013,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\LAYOUT.DLL
[2008/12/02 06:41:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sleep.exe
[2008/12/02 06:41:04 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/12/02 06:41:04 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/02 06:41:04 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/02 06:41:04 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/12/02 06:41:04 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/02 06:41:04 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/12/02 06:41:04 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/12/02 06:41:04 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/12/02 06:41:04 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2008/12/02 06:41:04 | 00,155,720 | ---- | C] () -- C:\WINDOWS\System32\CDR.exe
[2008/12/02 06:41:04 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2008/12/02 06:41:04 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2008/12/02 06:41:04 | 00,005,405 | ---- | C] () -- C:\WINDOWS\System32\CHNGTEXT.EXE
[2008/12/02 06:41:04 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\CHOICE.COM
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/02 06:41:02 | 00,000,000 | ---D | C] -- C:\eXPerience
[2008/12/02 06:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/12/02 06:40:15 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 06:40:15 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/12/02 06:40:11 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2008/12/02 06:40:07 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:40:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/02 06:40:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/12/02 06:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2008/12/02 06:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/02 06:39:51 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/02 06:39:50 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/12/02 06:39:44 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:49 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/02 06:38:20 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:38:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:38:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/02 06:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2008/12/02 06:37:08 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/02 06:37:08 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/02 06:36:57 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/12/02 06:36:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2008/12/02 06:36:32 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/02 06:36:24 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/02 06:36:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/02 06:36:23 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/02 06:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/12/02 06:36:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/02 06:36:20 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/02 06:36:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/02 06:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2008/12/02 06:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/02 06:36:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/02 06:36:13 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/12/02 06:36:13 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/02 06:36:13 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/12/02 06:36:13 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/12/02 06:36:13 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/12/02 06:36:12 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/12/02 06:36:12 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/02 06:36:12 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/12/02 06:36:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/12/02 06:36:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/02 06:36:11 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/12/02 06:36:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/02 06:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2008/12/02 06:35:52 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/12/02 06:35:52 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/12/02 06:35:50 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2008/12/02 06:35:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2008/12/02 06:35:49 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/12/02 06:35:49 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/12/02 06:35:49 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/12/02 06:35:49 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/12/02 06:35:49 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/02 06:35:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2008/12/02 06:35:48 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/02 06:35:48 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/02 06:35:48 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/02 06:35:48 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/02 06:35:48 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/02 06:35:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/02 06:35:45 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/02 06:35:45 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/02 06:35:45 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/02 06:35:45 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/12/02 06:35:44 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/02 06:35:43 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/02 06:35:43 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/02 06:35:43 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/02 06:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/12/02 06:35:42 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/02 06:35:42 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/02 06:35:42 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/02 06:35:42 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/02 06:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/12/02 06:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/12/02 06:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/02 06:35:05 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/12/02 06:34:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:34:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/02 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/02 06:34:39 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/02 06:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/12/02 06:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/12/02 06:34:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/02 06:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2008/12/02 06:34:20 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/12/02 06:34:20 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/12/02 06:34:20 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/12/02 06:34:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/12/02 06:34:19 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/02 06:34:15 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/02 06:34:15 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/02 06:34:15 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/02 06:34:15 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/02 06:34:15 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/02 06:34:14 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/02 06:34:14 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/02 06:34:14 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/02 06:34:14 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/02 06:34:14 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/02 06:34:14 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/02 06:34:13 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/02 06:34:13 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/02 06:34:13 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/02 06:34:13 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/02 06:34:12 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/02 06:34:12 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/02 06:34:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/02 06:34:12 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/12/02 06:34:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/12/02 06:34:12 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/02 06:34:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/12/02 06:34:12 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/12/02 06:34:12 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/12/02 06:34:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/12/02 06:34:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/02 06:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/12/02 06:34:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/12/02 06:34:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/12/02 06:34:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/12/02 06:34:11 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/02 06:34:11 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/12/02 06:34:05 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/12/02 06:33:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2008/12/02 06:33:55 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/02 06:33:55 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/12/02 06:33:55 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/12/02 06:33:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/02 06:33:54 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/02 06:33:54 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/02 06:33:54 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/02 06:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/12/02 06:33:53 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/02 06:33:53 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/12/02 06:33:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/02 06:33:53 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/12/02 06:33:53 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/02 06:33:53 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/12/02 06:33:53 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/12/02 06:33:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/02 06:33:52 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/02 06:33:52 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/12/02 06:33:52 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/12/02 06:33:52 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/12/02 06:33:52 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/12/02 06:33:52 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/12/02 06:33:52 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/12/02 06:33:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/12/02 06:33:51 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/02 06:33:51 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/02 06:33:51 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/12/02 06:33:51 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/12/02 06:33:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/02 06:33:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/12/02 06:33:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/12/02 06:33:50 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/12/02 06:33:50 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/02 06:33:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/12/02 06:33:50 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/02 06:33:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/12/02 06:33:49 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/12/02 06:33:49 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/02 06:33:49 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/02 06:33:49 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/02 06:33:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/02 06:33:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/02 06:33:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/12/02 06:33:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/02 06:33:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/02 06:33:48 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/02 06:33:48 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/02 06:33:48 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/02 06:33:48 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/02 06:33:48 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/02 06:33:48 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/02 06:33:48 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/02 06:33:47 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/02 06:33:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/12/02 06:33:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/12/02 06:33:42 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/02 06:33:42 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/02 06:33:38 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/12/02 06:33:38 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/12/02 06:33:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/02 06:32:43 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/12/02 06:31:58 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/12/02 06:31:12 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/12/02 06:31:00 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\drivers\ltmdmnt.sys
[2008/12/02 06:29:18 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:16 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/02 06:29:13 | 00,472,824 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/02 06:29:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/02 06:29:12 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/12/02 06:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/12/02 06:29:08 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/02 06:29:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/02 06:29:01 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/02 06:29:01 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/02 06:28:58 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/02 06:28:57 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/02 06:28:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/12/02 06:28:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/12/02 06:28:51 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2008/12/02 06:28:51 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2008/12/02 06:28:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2008/12/02 06:28:51 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2008/12/02 06:28:51 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/12/02 06:28:51 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2008/12/02 06:28:51 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2008/12/02 06:28:51 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/12/02 06:28:51 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/12/02 06:28:51 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/12/02 06:28:51 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/12/02 06:28:50 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2008/12/02 06:28:50 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2008/12/02 06:28:50 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/12/02 06:28:50 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2008/12/02 06:28:50 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2008/12/02 06:28:50 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2008/12/02 06:28:50 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2008/12/02 06:28:50 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/12/02 06:28:50 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/12/02 06:28:50 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2008/12/02 06:28:49 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/12/02 06:28:49 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2008/12/02 06:28:49 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/12/02 06:28:49 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2008/12/02 06:28:49 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/02 06:28:48 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/12/02 06:28:48 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/12/02 06:28:48 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2008/12/02 06:28:38 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/12/02 06:28:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/02 06:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/02 06:27:01 | 01,556,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/02 06:27:01 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/02 06:26:22 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2008/12/02 06:26:19 | 00,000,950 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:23:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/02 06:23:00 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/02 06:23:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/16 19:55:44 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/16 16:10:33 | 00,001,020 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2008/12/16 16:09:41 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.5.exe
[2008/12/16 16:03:10 | 00,289,869 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/12/16 15:00:13 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 12:47:11 | 00,050,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cold.jpg
[2008/12/16 11:41:22 | 00,604,154 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How_can_she_slap.gif
[2008/12/16 11:39:20 | 00,099,220 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\e22b283de036.gif
[2008/12/16 11:23:17 | 00,044,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ymcs.jpg
[2008/12/16 11:21:00 | 00,195,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2008-12-16-babeam.jpg
[2008/12/16 10:03:46 | 00,311,328 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/12/16 10:03:46 | 00,002,144 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/12/16 10:01:27 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/16 09:51:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/16 09:51:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/16 09:51:31 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/15 20:23:02 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/15 20:23:02 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/15 20:23:02 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/15 20:23:02 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/15 20:23:02 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/15 20:23:02 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/15 20:23:02 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/15 20:23:01 | 06,286,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/15 20:23:01 | 00,051,240 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/15 20:22:27 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/15 20:22:27 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/15 20:22:24 | 04,849,686 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/15 16:33:37 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/15 14:45:09 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081216-160310.backup
[2008/12/15 14:42:48 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/15 14:34:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2008/12/15 14:22:48 | 00,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/15 11:38:11 | 00,008,145 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\block.JPG
[2008/12/15 11:24:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/11 04:05:00 | 00,000,524 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/09 14:28:57 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/09 14:28:57 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/09 14:28:57 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/09 12:16:07 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/09 12:15:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/08 18:13:29 | 00,000,499 | ---- | M] () -- C:\WINDOWS\apdfpr.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/04 18:38:16 | 00,472,824 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 18:38:16 | 00,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 18:38:16 | 00,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 09:33:12 | 01,556,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/03 20:07:45 | 00,070,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:18:53 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:27:17 | 00,001,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:21 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:08:12 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/03 09:07:14 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/02 20:06:58 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 19:02:23 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/02 15:37:18 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | M] (Portions Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:18:09 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/02 14:58:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:54:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/02 14:47:06 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 14:47:04 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:44:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:37 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:44:37 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:41:28 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:39:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:54 | 00,000,950 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:20 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:35:05 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:53 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:32:51 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/02 06:29:18 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:08 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
< End of report >

Edited by slamdeal, 17 December 2008 - 05:25 PM.


#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 AM

Posted 17 December 2008 - 03:31 PM

Hello.

Please re-run OTViewIT.exe and post back with the Extra.txt please. Attaching it is difficult to read.

While I was waiting for somebody to answer (I understand how swamped you guys must be), I ran SpybotSD and it found win32.TDSS.rtk. It tried to clean it, but every time I would run it again, it would seem to still find it. I then did some more research and ran SDFIX and it seems like that may have taken care of it, although I am not 100% sure (all the symptoms seem to be gone).

Okay, thanks for letting me know.

I tried to run the online Kaspersky AV, but while updating the databases I kept getting the 'blue screen of death.' It seemed to be in relation to an error with klif.sys. So I ran the desktop version of the AV and I'm attaching that log, together with the OTViewIt log and the GMER log. (I have attached the Extras log, OTViewIt log is too big and I'm just pasting it here).

Okay, I'll look into that soon. The bolded part that you mentioned I don't see it (post it back if it is not too big). Please post that back since you already ran it.

Please post back with:
-Extra.txt
-Your Desktop AV log


Edit: Please also provide a description of any problems you may have still.

After you have posted those logs give me some time to look over your log and create a response.

With Regards,
Extremeboy

Edited by extremeboy, 17 December 2008 - 03:34 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#6 slamdeal

slamdeal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 17 December 2008 - 06:14 PM

Thanks man! Why are you guys so awesome? (serious)

Anyway, I re-ran OTViewIt and here are those logs, together with the Kaspersky AV log. Were you able to read the GMER log? I'm reposting it, just in case you couldn't because it was attached. The only symptom I'm experiencing right now is that the system is much much slower than usual. During this post it froze a bunch of times while copying and pasting and it took me about 30 mins to post it all. I couldn't post anything else due to lack of attachment space and my post being too long. So I uploaded them on sendspace. Hope that is ok with you.

Thanks a million!!!

Here are the sendspace links:

File Name: OTViewIt.Txt
http://www.sendspace.com/file/j170mb

File Name: kaspersky.txt
http://www.sendspace.com/file/38adpv

File Name: gmer.log
http://www.sendspace.com/file/6gaam6

File Name: Extras.Txt
http://www.sendspace.com/file/utcde3



EXTRAS

OTViewIt Extras logfile created on: 12/17/2008 12:51:23 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 394.84 Mb Available Physical Memory | 38.62% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 37.95 Gb Free Space | 33.15% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 6.85 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 978.72 Mb Total Space | 867.52 Mb Free Space | 88.64% Space Free | Partition Type: FAT

Computer Name: DRAGOS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/29 07:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
about -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}"=Point
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}"=Adobe Creative Suite 3 Master Collection
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{4E143D18-3570-4794-B7FC-327DE71A16C7}"=Sorenson Squeeze 4.5
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}"=Sorenson Squeeze 4.5
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}"=Nero 8
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}"=Point
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}"=Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}"=Point
"{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}"=ESET Smart Security
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AudioConSole"=Creative Audio Console
"BulletProof FTP Client_is1"=BulletProof FTP Client (remove only)
"ElcomSoft Password Recovery Studio 2006"=ElcomSoft Password Recovery Studio 2006
"ENTERPRISE"=Microsoft Office Enterprise 2007
"GoldWave v5.25"=GoldWave v5.25
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"vixy converter BETA_is1"=vixy converter uninstall
"VLC media player"=VLC media player 0.9.6
"Vuze"=Vuze
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 11:57:05 PM | Computer Name = EXPERIEN-499116 | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.

Error - 12/3/2008 11:21:13 PM | Computer Name = DRAGOS | Source = MsiInstaller | ID = 11904
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 12/6/2008 4:54:07 PM | Computer Name = DRAGOS | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.1.0.137, faulting module
Acrobat.dll, version 8.1.0.137, fault address 0x00332e82.

Error - 12/8/2008 4:10:54 PM | Computer Name = DRAGOS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
npswf32.dll, version 9.0.115.0, fault address 0x0022a295.

Error - 12/9/2008 3:58:10 PM | Computer Name = DRAGOS | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\All Users\Application
Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\kav.en.msi is
not permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 12/9/2008 4:15:22 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:15:46 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:16:50 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:16:50 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 12/16/2008 1:51:47 PM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/17/2008 12:26:54 AM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/17/2008 12:26:56 AM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/17/2008 12:41:15 AM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/17/2008 12:41:18 AM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/17/2008 12:46:21 AM | Computer Name = DRAGOS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 f10e9938, parameter2 000000ff, parameter3
00000001, parameter4 804e5609.

Error - 12/17/2008 12:47:30 AM | Computer Name = DRAGOS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 f195c938, parameter2 000000ff, parameter3
00000001, parameter4 804e5609.

Error - 12/17/2008 12:55:04 AM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/17/2008 12:55:05 AM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/17/2008 12:56:43 AM | Computer Name = DRAGOS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 f1a0f938, parameter2 000000ff, parameter3
00000001, parameter4 804e5609.


< End of report >

#7 extremeboy

extremeboy

  • Malware Response Team

Posted 17 December 2008 - 06:30 PM

Hello.

We are just doing what we need to do to help. :)

Yup, I was able to see the GMER log fine.

No need to upload it onto another site; you can just post the logs I asked for, such as GMER, OTViewIT.txt and Extra.txt, directly onto this forum.

I'm glad you attached the Kaspersky log though that log is just incredibly huge :thumbsup:

Click your Control Panel at the top of this topic. Under the Your account summary heading you should be able to see some of your recent attachments. Next, on the right side, scroll down until you see Manage Your Attachments and click that. From there you can remove all of them if you do not need them, as you have already uploaded them so I can see them by downloading them. From now on, if you need to attach anything huge you can attach it directly on this forum. :)

Anyways, give me some time to look over your logs and create a response for you. I probably won't reply today, hopefully tomorrow, so stay tuned :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 slamdeal

slamdeal
  • Topic Starter

  • Members

Posted 17 December 2008 - 08:04 PM

cool thanks... ill follow your advice regarding attachments from now on...

deeply thankful

#9 extremeboy

extremeboy

  • Malware Response Team

Posted 20 December 2008 - 11:10 AM

Hello again.

Sorry for the delay.

From the logs you have provided for me, I don't see much malware activity going around here. Probably most of them were removed by SDfix.

There are some things I need to warn you about. One of them is that you had a TDSServ infection; this infection is a rootkit and backdoor, which are very dangerous.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Right now I would just want to see an online scan for Kaspersky/ESET.


Next...

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Vuze). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Next...

2 Anti-virus Programs Running Simultaneously Warning

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Kaspersky Anti-Virus 2009 or ESET Smart Security.

Please uninstall them until you are only running one antivirus using Add/Remove Programs.

Note: I would suggest you remove Kaspersky Anti-Virus 2009 since you had some problems with it relating to BSODs (Blue Screen of Death). That file is related to Kaspersky. If you wish to keep Kaspersky you might want to reinstall it and then remove ESET. That's just some of my thoughts for you, but the decision is still yours :)

Next...

Poker Related Programs

I see you have installed a program called: Full Tilt Poker

If you read about Full Tilt Poker, in the link above, it is considered bad. If you intentionally installed it and you wish to keep it that's fine. I strongly advise you remove it via add/remove however.


From what I see so far, nothing serious is going on. Slowness occurs due to many factors. One of the factors I have already mentioned is running 2 anti-virus programs. It can crash your computer and also cause very slow performance. Also the amount of RAM you have on your computer and the number of running processes and services you have enabled can also affect it. After removing one of the AVs, see how your computer is running.

I would still like to see an online scanner though. See if Kaspersky works, if not then run ESET.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

OR

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this may take a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note for Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please post back:
-Online scan log (Kaspersky/ESET)
-Fresh OTViewIT log
-Description of any remaining problems


:thumbsup:

With Regards,
Extremeboy

#10 slamdeal

slamdeal
  • Topic Starter

  • Members

Posted 22 December 2008 - 03:03 PM

I have run ESET online scan and no threats were found.

I decided to keep ESET as my AV and uninstalled Kaspersky. Should I remove Spybot-S&D as well?
Also I was thinking of investing in a program that would protect me from future attacks. Is what I have the best or should I get something else. I'm thinking about buying something and I'd like to buy the best.

Thanks

#11 extremeboy

extremeboy

  • Malware Response Team

Posted 22 December 2008 - 03:45 PM

Hello.

> I have run ESET online scan and no threats were found.
>
> I decided to keep ESET as my AV and uninstalled Kaspersky. Should I remove Spybot-S&D as well?
> Also I was thinking of investing in a program that would protect me from future attacks. Is what I have the best or should I get something else. I'm thinking about buying something and I'd like to buy the best.
>
> Thanks

No, do not remove Spybot S&D unless you want to. It's a good anti-spyware program that has real-time protection that can help protect you.

Please note that no single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

*Note that having multiple antispyware programs is encouraged, but not multiple antiviruses.

I personally don't 'buy' any products; they are all free. I'm not trying to say that the ones you buy are worse/better than the free ones, I'm just giving you an opinion. The ones you buy are usually "security suites", meaning they have everything in them such as firewall, anti-virus, rootkit scanner and anti-spyware. From personal experience they slow down your computer as they "hog" a lot of resources. However, with that said, not all of them are like that. I don't know many commercial security programs as I don't use them, but there is a link with some anti-malware resources that you might want to check out over here.

I think your protection right now is fairly good. You might also want to install a firewall later. Right now, we need to finish dealing with anything you may still have. Please post back with fresh OTViewIT logs so I can take a look if there is anything else that needs to be dealt with.

Also do you have any problems? Please tell me so we can deal with anything that you may still have.

:thumbsup:

With Regards,
Extremeboy

#12 slamdeal

slamdeal
  • Topic Starter

  • Members

Posted 22 December 2008 - 09:10 PM

Thanks a lot for all the help.

Here are the new OTViewIT and Extra logs.

Attached Files



#13 extremeboy

extremeboy

  • Malware Response Team

Posted 22 December 2008 - 09:49 PM

Hello.

Could you please post it here, instead of attaching it? Attaching makes it very difficult to see and analyze. Please post the OTViewIT and Extra logs directly onto this topic.

Also please tell me any problems you are still having as there isn't much showing in the log at the moment. Please tell me in your next reply so we can deal with it.

With Regards,
Extremeboy

Edited by extremeboy, 22 December 2008 - 09:53 PM.


#14 extremeboy

extremeboy

  • Malware Response Team

Posted 25 December 2008 - 12:43 PM

Hello

Are you still there?

If you are, please follow the instructions in my previous post by posting back the logs.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed. I know it's Christmas and the holidays so I will understand and leave the topic a bit longer than usual. :thumbsup:

With Regards,
Extremeboy

#15 slamdeal

slamdeal
  • Topic Starter

  • Members

Posted 26 December 2008 - 11:48 AM

EB,
Sorry I took so long to re-post these. Here are the logs posted. As far as problems go, I do not seem to be experiencing any anymore.

Thanks again for your help

OTViewIT

OTViewIt logfile created on: 12/22/2008 5:51:46 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 299.25 Mb Available Physical Memory | 29.27% Memory free
2.41 Gb Paging File | 1.85 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 30.05 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 6.85 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGOS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2008/12/16 20:01:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2004/09/23 16:17:38 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\vtigercrm5\apache\bin\Apache.exe
[2004/09/23 16:17:38 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\vtigercrm5\apache\bin\Apache.exe
[2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2008/07/01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2008/12/16 20:01:39 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/08/03 12:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/08/03 12:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/12/02 12:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2007/07/11 12:07:56 | 15,442,496 | ---- | M] (Calyx Software) -- C:\WINPOINT\winpoint.exe
[2008/12/16 19:55:44 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007/12/21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2008/12/03 19:07:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/16 20:01:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/09/23 16:17:38 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\vtigercrm5\apache\bin\Apache.exe -- (vtigercrm504 [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 13:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/08/11 14:48:08 | 00,087,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:50 | 00,158,720 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2006/08/11 14:48:12 | 00,536,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL [On_Demand | Stopped])
[2005/11/10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 14:48:28 | 00,160,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cteapsfx.dll -- (CTEAPSFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,269,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:50 | 00,115,200 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
[2006/08/11 14:48:06 | 00,317,952 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
[2006/08/11 14:48:42 | 01,170,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.dll -- (CTEXFIFX.DLL [On_Demand | Stopped])
[2006/08/11 14:48:52 | 00,061,952 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
[2006/08/11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 14:48:32 | 00,548,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL [On_Demand | Stopped])
[2006/08/11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2006/08/11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/07/01 09:04:34 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2008/07/01 09:04:36 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2008/07/01 09:04:38 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 04:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/17 10:04:31 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2006/08/11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/03/20 11:14:16 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2008/03/20 10:03:40 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/05/03 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2008/05/03 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 10:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie_rsearch.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (289869 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9986 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/12/03 19:52:29 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoJITSetup"=1
"NoWebJITSetup"=1

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"AlwaysPromptWhenDownload"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRemoteRecursiveEvents"=1
"MemCheckBoxInRunDlg"=1
"NoCDBurning"=1
"StartMenuFavorites"=0
"Start_ShowMyComputer"=1
"Start_ShowMyDocs"=1
"Start_ShowMyMusic"=0
"Start_ShowRun"=1
"Start_ShowSearch"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0
"VerboseStatus"=1
"NoInternetOpenWith"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"LinkResolveIgnoreLinkInfo"=1
"NoResolveSearch"=1
"NoStartBanner"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoRecentDocsMenu"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6C269571-C6D7-4818-BCA4-32A035E8C884}: http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab -- Creative Software AutoUpdate
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E...04/clearadj.cab -- CTAdjust Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15106/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{636B8AE1-DC71-41F5-8EAB-F239A7EA919E} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/22 12:14:39 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Family tree1.xls
[2008/12/20 22:01:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/12/20 10:37:12 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/12/19 16:50:28 | 00,056,229 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xmasflow.gif
[2008/12/19 12:21:43 | 00,030,631 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ISO1.nri
[2008/12/18 14:32:27 | 01,072,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\virginia high rate 1 (Autosaved).csv
[2008/12/18 10:22:08 | 00,001,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vtiger CRM.lnk
[2008/12/18 10:21:21 | 00,000,452 | ---- | C] () -- C:\WINDOWS\tasks\vtigerCRM Email Reminder.job
[2008/12/18 10:21:21 | 00,000,416 | ---- | C] () -- C:\WINDOWS\tasks\vtigerCRM Notification Scheduler.job
[2008/12/18 10:20:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\vtigerCRMBackup
[2008/12/18 10:19:23 | 00,000,000 | ---D | C] -- C:\Program Files\vtigercrm5
[2008/12/18 10:18:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\vtigerCRMlogs
[2008/12/17 17:57:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/12/17 17:36:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/17 17:24:34 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/12/17 17:23:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/17 11:45:36 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/12/17 11:45:25 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/17 11:45:20 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/17 11:45:19 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/17 11:45:19 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/17 11:45:19 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/17 11:45:19 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/17 11:45:19 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/17 11:45:18 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/17 11:45:18 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/17 11:45:16 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/17 11:44:48 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/12/17 11:44:41 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/12/17 11:44:40 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/12/17 11:44:39 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/12/17 11:44:39 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/12/17 11:44:33 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/12/17 11:44:31 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/17 11:44:30 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/12/17 11:44:28 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/12/17 11:44:12 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2008/12/17 11:44:11 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/12/17 11:44:10 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/12/17 10:04:31 | 00,300,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\alpha.dll
[2008/12/17 10:04:29 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\alpha.exe
[2008/12/17 09:23:59 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/16 20:01:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/16 20:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/16 20:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/12/16 19:55:37 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/16 16:03:10 | 00,000,686 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081216-160310.backup
[2008/12/16 15:00:12 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 11:20:59 | 00,195,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2008-12-16-babeam.jpg
[2008/12/16 10:05:42 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/12/16 10:05:42 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/16 10:05:41 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/15 14:52:14 | 10,721,56672 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/15 14:42:47 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/15 14:39:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/12/15 14:37:59 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/15 14:37:56 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2008/12/15 13:46:39 | 00,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/11 15:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/11 15:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/10 11:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\leads
[2008/12/09 14:28:57 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/09 14:28:57 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/09 14:28:57 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/09 14:28:57 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/09 14:23:30 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/09 12:15:30 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/12/09 11:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/09 11:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/08 18:13:18 | 00,000,499 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2008/12/08 18:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/12/07 22:12:48 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/12/06 11:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\ESPN
[2008/12/06 00:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2008/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater5
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/05 10:08:07 | 00,000,000 | ---D | C] -- C:\Envision
[2008/12/05 10:07:50 | 00,000,000 | ---D | C] -- C:\CLOSED
[2008/12/04 19:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008/12/04 19:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/12/04 18:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2008/12/04 16:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SorensonMedia
[2008/12/04 15:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\vixy.net
[2008/12/03 20:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/03 19:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2008/12/03 19:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2008/12/03 19:28:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2008/12/03 19:21:24 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/12/03 19:21:24 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2008/12/03 19:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/03 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/03 19:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/12/03 19:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2008/12/03 14:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/12/03 13:17:14 | 00,001,728 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BPFTP
[2008/12/03 09:25:13 | 00,001,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:25 | 00,135,680 | ---- | C] (Fannie Mae) -- C:\WINDOWS\System32\escli32.dll
[2008/12/03 09:10:25 | 00,091,136 | ---- | C] (Sax Software Corp.) -- C:\WINDOWS\System32\saxcom32.dll
[2008/12/03 09:10:25 | 00,045,568 | ---- | C] (Sax Software) -- C:\WINDOWS\System32\saxxfr32.dll
[2008/12/03 09:10:25 | 00,011,691 | ---- | C] () -- C:\WINDOWS\System32\MODEM.LST
[2008/12/03 09:10:25 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\ini.bat
[2008/12/03 09:10:24 | 01,175,552 | ---- | C] (Tidestone Technologies, Inc.) -- C:\WINDOWS\System32\TTF16.ocx
[2008/12/03 09:10:24 | 00,448,192 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x30.ocx
[2008/12/03 09:10:23 | 00,458,752 | ---- | C] (Office OCX - Office Viewer ActiveX Control) -- C:\WINDOWS\System32\OA_FullVersion.ocx
[2008/12/03 09:10:23 | 00,172,032 | ---- | C] (Software Artisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFile.dll
[2008/12/03 09:10:22 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/12/03 09:10:22 | 00,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2008/12/03 09:10:22 | 00,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2008/12/03 09:10:22 | 00,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2008/12/03 09:10:22 | 00,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2008/12/03 09:10:21 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2008/12/03 09:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2008/12/03 09:09:41 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\acXMLParser.dll
[2008/12/03 09:09:39 | 01,064,960 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2008/12/03 09:08:45 | 00,000,000 | ---D | C] -- C:\PNTDATA
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\WINPOINT
[2008/12/03 09:08:43 | 00,000,000 | ---D | C] -- C:\PNTTEMPL
[2008/12/03 09:08:41 | 00,001,020 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2008/12/03 09:07:14 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/03 09:06:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2008/12/03 09:02:17 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2008/12/03 09:01:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/12/03 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/12/03 08:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\BulletProof FTP Client v2.6
[2008/12/02 20:06:58 | 00,002,561 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 20:06:54 | 00,002,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/02 20:05:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Movies
[2008/12/02 19:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2008/12/02 19:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/12/02 19:57:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/12/02 19:56:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2008/12/02 19:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008/12/02 19:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/02 19:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/12/02 19:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/12/02 19:20:04 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/02 19:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/02 19:20:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2008/12/02 19:01:15 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2008/12/02 18:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/12/02 18:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008/12/02 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2008/12/02 18:50:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2008/12/02 18:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2008/12/02 18:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/02 18:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/02 18:48:46 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/02 18:26:22 | 00,000,524 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/02 18:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/12/02 18:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2008/12/02 18:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/12/02 18:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/02 18:06:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\!!Downloads!!
[2008/12/02 18:00:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sorenson Media
[2008/12/02 17:51:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\iTunes Music
[2008/12/02 17:43:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\WORK
[2008/12/02 17:22:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Music
[2008/12/02 17:14:22 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\old
[2008/12/02 17:09:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/12/02 17:09:15 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/02 17:07:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/02 17:07:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/02 17:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2008/12/02 16:52:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/12/02 16:52:03 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/02 16:52:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/02 16:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/12/02 16:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/02 16:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/12/02 16:23:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,030,264 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,027,816 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/02 16:15:12 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/02 16:15:02 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/02 16:09:37 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2008/12/02 16:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2008/12/02 16:09:29 | 03,162,278 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/02 16:08:44 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/12/02 16:08:44 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/12/02 16:08:44 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/12/02 16:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/12/02 16:00:58 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/12/02 15:53:07 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2008/12/02 15:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2008/12/02 15:50:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008/12/02 15:46:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/12/02 15:42:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/12/02 15:38:12 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/12/02 15:38:09 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/12/02 15:38:08 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/12/02 15:38:06 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/12/02 15:38:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/12/02 15:38:03 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/12/02 15:38:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/12/02 15:37:59 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2008/12/02 15:37:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2008/12/02 15:37:56 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2008/12/02 15:37:55 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2008/12/02 15:37:18 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Creative
[2008/12/02 15:37:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\data
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/12/02 15:36:59 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/02 15:36:59 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/12/02 15:36:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/12/02 15:36:58 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/12/02 15:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2008/12/02 15:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2008/12/02 15:28:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/02 15:20:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/02 15:19:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/02 15:14:15 | 00,070,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 15:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/02 15:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2008/12/02 15:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2008/12/02 15:03:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/02 15:03:37 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/02 15:03:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/12/02 15:03:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/02 15:03:36 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/02 15:03:35 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/02 15:03:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/12/02 15:03:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/12/02 15:03:27 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/02 15:03:23 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/02 15:03:23 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/02 15:03:14 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/02 15:03:11 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/02 15:03:11 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/02 15:02:49 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/12/02 15:02:49 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2008/12/02 15:02:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/12/02 15:02:44 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/02 15:02:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/02 15:02:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/02 15:02:42 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/12/02 15:02:40 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/12/02 15:02:36 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/02 15:02:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/02 15:02:33 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/02 15:02:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/02 15:02:33 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/02 15:02:31 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/02 15:02:30 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/02 15:02:30 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/02 14:58:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008/12/02 14:58:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/12/02 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/12/02 14:54:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/12/02 14:50:52 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/02 14:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/02 14:46:14 | 11,234,030 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/02 14:45:18 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/02 14:45:04 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/02 14:45:04 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/12/02 14:45:04 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/02 14:45:04 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/02 14:45:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/02 06:44:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/02 06:44:50 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/12/02 06:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/12/02 06:44:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2008/12/02 06:43:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/02 06:42:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/02 06:42:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/02 06:41:58 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/12/02 06:41:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/02 06:41:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/02 06:41:28 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:41:05 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/12/02 06:41:05 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/12/02 06:41:05 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/12/02 06:41:05 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/12/02 06:41:05 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/12/02 06:41:05 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/02 06:41:05 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2008/12/02 06:41:05 | 00,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2008/12/02 06:41:05 | 00,013,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\LAYOUT.DLL
[2008/12/02 06:41:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sleep.exe
[2008/12/02 06:41:04 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/12/02 06:41:04 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/02 06:41:04 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/02 06:41:04 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/12/02 06:41:04 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/02 06:41:04 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/12/02 06:41:04 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/12/02 06:41:04 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/12/02 06:41:04 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2008/12/02 06:41:04 | 00,155,720 | ---- | C] () -- C:\WINDOWS\System32\CDR.exe
[2008/12/02 06:41:04 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2008/12/02 06:41:04 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2008/12/02 06:41:04 | 00,005,405 | ---- | C] () -- C:\WINDOWS\System32\CHNGTEXT.EXE
[2008/12/02 06:41:04 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\CHOICE.COM
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2008/12/02 06:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/02 06:41:02 | 00,000,000 | ---D | C] -- C:\eXPerience
[2008/12/02 06:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/12/02 06:40:15 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 06:40:15 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/12/02 06:40:11 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2008/12/02 06:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2008/12/02 06:40:07 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:40:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/02 06:40:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/12/02 06:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2008/12/02 06:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/02 06:39:51 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/02 06:39:50 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/12/02 06:39:44 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:49 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/02 06:38:20 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:38:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:38:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/02 06:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2008/12/02 06:37:08 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/02 06:37:08 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/02 06:36:57 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/12/02 06:36:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2008/12/02 06:36:32 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/02 06:36:30 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/12/02 06:36:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/02 06:36:24 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/02 06:36:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/02 06:36:23 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/02 06:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/12/02 06:36:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/02 06:36:20 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/02 06:36:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/02 06:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2008/12/02 06:36:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/02 06:36:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/02 06:36:13 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/12/02 06:36:13 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/02 06:36:13 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/12/02 06:36:13 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2008/12/02 06:36:13 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/12/02 06:36:12 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/02 06:36:12 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/12/02 06:36:12 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/02 06:36:12 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2008/12/02 06:36:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/02 06:36:12 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/12/02 06:36:12 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/02 06:36:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/02 06:36:11 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/12/02 06:36:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/02 06:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2008/12/02 06:35:52 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/12/02 06:35:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/12/02 06:35:52 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/12/02 06:35:50 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2008/12/02 06:35:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2008/12/02 06:35:49 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/12/02 06:35:49 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/12/02 06:35:49 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/12/02 06:35:49 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/12/02 06:35:49 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/02 06:35:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2008/12/02 06:35:48 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/02 06:35:48 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/02 06:35:48 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/02 06:35:48 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/02 06:35:48 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/02 06:35:48 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/02 06:35:45 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/02 06:35:45 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/02 06:35:45 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/02 06:35:45 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/12/02 06:35:44 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/02 06:35:43 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/02 06:35:43 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/02 06:35:43 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/02 06:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/12/02 06:35:42 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/02 06:35:42 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/02 06:35:42 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/02 06:35:42 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/02 06:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/12/02 06:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/12/02 06:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/02 06:35:05 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/12/02 06:34:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:34:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/02 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/02 06:34:39 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/02 06:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/12/02 06:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/12/02 06:34:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/02 06:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2008/12/02 06:34:20 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/12/02 06:34:20 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/12/02 06:34:20 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/12/02 06:34:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/12/02 06:34:19 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/02 06:34:15 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/02 06:34:15 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/02 06:34:15 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/02 06:34:15 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/02 06:34:15 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/02 06:34:14 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/02 06:34:14 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/02 06:34:14 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/02 06:34:14 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/02 06:34:14 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/02 06:34:14 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/02 06:34:13 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/02 06:34:13 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/02 06:34:13 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/02 06:34:13 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/02 06:34:12 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/02 06:34:12 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/02 06:34:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/02 06:34:12 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/12/02 06:34:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/12/02 06:34:12 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/02 06:34:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/12/02 06:34:12 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/12/02 06:34:12 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/12/02 06:34:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/12/02 06:34:11 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/02 06:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/12/02 06:34:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/12/02 06:34:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/12/02 06:34:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/12/02 06:34:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/12/02 06:34:11 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/12/02 06:34:11 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/02 06:34:11 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/12/02 06:34:05 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/12/02 06:33:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2008/12/02 06:33:55 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/02 06:33:55 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/12/02 06:33:55 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/12/02 06:33:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/02 06:33:54 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/02 06:33:54 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/02 06:33:54 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/02 06:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/12/02 06:33:53 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/02 06:33:53 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/12/02 06:33:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/02 06:33:53 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/12/02 06:33:53 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/02 06:33:53 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/12/02 06:33:53 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/12/02 06:33:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/02 06:33:52 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/02 06:33:52 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/12/02 06:33:52 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/12/02 06:33:52 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/12/02 06:33:52 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/12/02 06:33:52 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/12/02 06:33:52 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/12/02 06:33:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/12/02 06:33:51 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/02 06:33:51 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/02 06:33:51 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/12/02 06:33:51 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/12/02 06:33:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/12/02 06:33:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/02 06:33:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/12/02 06:33:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/12/02 06:33:50 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/12/02 06:33:50 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/02 06:33:50 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/12/02 06:33:50 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/02 06:33:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/12/02 06:33:49 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/12/02 06:33:49 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/02 06:33:49 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/02 06:33:49 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/02 06:33:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/02 06:33:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/02 06:33:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/12/02 06:33:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/02 06:33:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/02 06:33:48 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/02 06:33:48 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/02 06:33:48 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/02 06:33:48 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/02 06:33:48 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/02 06:33:48 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/02 06:33:48 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/02 06:33:47 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/02 06:33:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/12/02 06:33:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/12/02 06:33:42 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/02 06:33:42 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/02 06:33:38 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/12/02 06:33:38 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/12/02 06:33:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/02 06:32:43 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/12/02 06:31:58 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/12/02 06:31:12 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/12/02 06:31:00 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\drivers\ltmdmnt.sys
[2008/12/02 06:29:18 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:16 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/02 06:29:13 | 00,460,756 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/02 06:29:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/02 06:29:12 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/12/02 06:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/12/02 06:29:08 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/12/02 06:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/02 06:29:05 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/02 06:29:05 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/02 06:29:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/02 06:29:01 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/02 06:29:01 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/02 06:29:01 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/02 06:29:01 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/02 06:28:59 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/02 06:28:59 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/02 06:28:58 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/02 06:28:58 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/02 06:28:58 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/02 06:28:57 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/02 06:28:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/12/02 06:28:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/12/02 06:28:51 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2008/12/02 06:28:51 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2008/12/02 06:28:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2008/12/02 06:28:51 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2008/12/02 06:28:51 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/12/02 06:28:51 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2008/12/02 06:28:51 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2008/12/02 06:28:51 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/12/02 06:28:51 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/12/02 06:28:51 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/12/02 06:28:51 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/12/02 06:28:50 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2008/12/02 06:28:50 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2008/12/02 06:28:50 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/12/02 06:28:50 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2008/12/02 06:28:50 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2008/12/02 06:28:50 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2008/12/02 06:28:50 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2008/12/02 06:28:50 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/12/02 06:28:50 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/12/02 06:28:50 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2008/12/02 06:28:49 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/12/02 06:28:49 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2008/12/02 06:28:49 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/12/02 06:28:49 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2008/12/02 06:28:49 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/12/02 06:28:48 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/12/02 06:28:48 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/12/02 06:28:48 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2008/12/02 06:28:38 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/12/02 06:28:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/12/02 06:28:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/02 06:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/02 06:27:01 | 01,556,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/02 06:27:01 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/02 06:26:22 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2008/12/02 06:26:19 | 00,000,950 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:23:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/02 06:23:00 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/02 06:23:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/02 06:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/22 17:52:01 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM Email Reminder.job
[2008/12/22 12:14:39 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Family tree1.xls
[2008/12/22 11:57:13 | 00,001,020 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2008/12/22 11:00:01 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM Notification Scheduler.job
[2008/12/22 04:05:00 | 00,000,524 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job
[2008/12/21 16:23:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/21 11:58:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/21 11:58:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/21 11:58:43 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/20 22:30:11 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/20 22:30:11 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/20 22:30:11 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/20 22:30:11 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/20 22:30:11 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000004-005B1102}.rfx
[2008/12/20 22:30:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/20 22:30:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/20 22:08:52 | 01,072,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\virginia high rate 1 (Autosaved).csv
[2008/12/20 22:08:21 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.CDF
[2008/12/20 22:08:21 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-005B1102}.BAK
[2008/12/20 22:08:19 | 11,234,030 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/19 16:50:29 | 00,056,229 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xmasflow.gif
[2008/12/19 16:30:52 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 15:10:14 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2008/12/19 13:06:40 | 00,030,631 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ISO1.nri
[2008/12/18 10:22:08 | 00,001,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vtiger CRM.lnk
[2008/12/17 17:48:17 | 01,556,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 17:41:51 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/17 17:30:51 | 00,460,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/17 17:30:51 | 00,409,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/17 17:30:51 | 00,064,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/17 10:04:54 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/17 10:04:31 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/17 10:04:31 | 00,300,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\alpha.dll
[2008/12/17 10:04:31 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/16 19:55:44 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/12/16 16:03:10 | 00,289,869 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/12/16 11:21:00 | 00,195,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2008-12-16-babeam.jpg
[2008/12/15 14:45:09 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081216-160310.backup
[2008/12/15 14:42:48 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/15 14:34:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2008/12/15 14:22:48 | 00,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 14:28:57 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/08 18:13:29 | 00,000,499 | ---- | M] () -- C:\WINDOWS\apdfpr.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\WINDOWS\mchguid.ini
[2008/12/05 10:09:08 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2008/12/03 20:07:45 | 00,070,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:18:53 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2008/12/03 09:27:17 | 00,001,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mp3s.lnk
[2008/12/03 09:10:53 | 00,001,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Point.lnk
[2008/12/03 09:10:21 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/03 09:08:12 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2008/12/03 09:07:14 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2008/12/02 20:06:58 | 00,002,561 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel.lnk
[2008/12/02 19:02:23 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/02 15:37:18 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/12/02 15:37:18 | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/12/02 15:18:09 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/02 14:58:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/02 14:47:06 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2008/12/02 14:47:04 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/02 06:44:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2008/12/02 06:44:37 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/02 06:44:37 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/02 06:41:28 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\prio.ini
[2008/12/02 06:39:44 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/12/02 06:38:54 | 00,000,950 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:26 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/02 06:38:20 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/02 06:38:20 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/02 06:38:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/02 06:38:16 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/02 06:38:05 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 06:35:05 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 06:34:53 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 06:34:53 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/02 06:32:51 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/02 06:29:18 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2008/12/02 06:29:08 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/02 06:28:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
< End of report >



EXTRAS


OTViewIt Extras logfile created on: 12/22/2008 5:51:47 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.42 Mb Total Physical Memory | 299.25 Mb Available Physical Memory | 29.27% Memory free
2.41 Gb Paging File | 1.85 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 30.05 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
Drive D: | 167.68 Gb Total Space | 6.85 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAGOS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/29 07:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
about -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}"=Point
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}"=Adobe Creative Suite 3 Master Collection
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{4E143D18-3570-4794-B7FC-327DE71A16C7}"=Sorenson Squeeze 4.5
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}"=Sorenson Squeeze 4.5
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}"=Nero 8
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DCC8C8EB-4289-4ECA-8104-B72FE316C5C0}"=vtiger CRM 5.0.4
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}"=Point
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}"=Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}"=Point
"{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}"=ESET Smart Security
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AudioConSole"=Creative Audio Console
"BulletProof FTP Client_is1"=BulletProof FTP Client (remove only)
"ElcomSoft Password Recovery Studio 2006"=ElcomSoft Password Recovery Studio 2006
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EsetOnlineScanner"=ESET Online Scanner
"GoldWave v5.25"=GoldWave v5.25
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"vixy converter BETA_is1"=vixy converter uninstall
"VLC media player"=VLC media player 0.9.6
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Vuze"=Vuze
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 11:57:05 PM | Computer Name = EXPERIEN-499116 | Source = MsiInstaller | ID = 11500
Description = Product: ESET Smart Security -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.

Error - 12/3/2008 11:21:13 PM | Computer Name = DRAGOS | Source = MsiInstaller | ID = 11904
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 12/6/2008 4:54:07 PM | Computer Name = DRAGOS | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.1.0.137, faulting module
Acrobat.dll, version 8.1.0.137, fault address 0x00332e82.

Error - 12/8/2008 4:10:54 PM | Computer Name = DRAGOS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
npswf32.dll, version 9.0.115.0, fault address 0x0022a295.

Error - 12/9/2008 3:58:10 PM | Computer Name = DRAGOS | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\All Users\Application
Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\kav.en.msi is
not permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 12/9/2008 4:15:22 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:15:46 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:16:50 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 12/9/2008 4:16:50 PM | Computer Name = DRAGOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/17/2008 10:34:53 PM | Computer Name = DRAGOS | Source = Application Error | ID = 1000
Description = Faulting application squeeze.exe, version 4.5.304.23, faulting module
squeeze.exe, version 4.5.304.23, fault address 0x000719b0.

[ System Events ]
Error - 12/17/2008 12:47:30 AM | Computer Name = DRAGOS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 f195c938, parameter2 000000ff, parameter3
00000001, parameter4 804e5609.

Error - 12/17/2008 12:55:04 AM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/17/2008 12:55:05 AM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/17/2008 12:56:43 AM | Computer Name = DRAGOS | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 f1a0f938, parameter2 000000ff, parameter3
00000001, parameter4 804e5609.

Error - 12/17/2008 5:35:47 PM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/17/2008 9:48:19 PM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/17/2008 9:48:22 PM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/18/2008 3:19:01 PM | Computer Name = DRAGOS | Source = Ftdisk | ID = 327711
Description = The fault tolerant driver could not read the on disk structures from
disk 7.

Error - 12/21/2008 3:59:00 PM | Computer Name = DRAGOS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/21/2008 3:59:07 PM | Computer Name = DRAGOS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >



