infected with Smitfraud-c, virtumonde.sdn, Win32.TDSS.rtk


10 replies to this topic

#1 swake13

swake13

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 08 May 2009 - 10:12 PM

I've run into something nasty (since my brother came to visit last weekend) and can't get rid of it. The malware sweepers I've run keep finding the same problems over and over. Spybot S&D keeps finding Smitfraud-C, Virtumonde.sdn and Win32.TDSS.rtk. Spy Sweeper keeps popping up saying something is trying to add chkdsk.lnk to the startup and I keep telling it to remove it. I've run Spybot S&D, Spy Sweeper, Malwarebytes, Smitfraudfix and Vundo. Every time I reboot and run any of the sweeping programs again, they find the same problems even though they said they successfully removed them before the reboot.

Any help would be greatly appreciated!

Thanks for looking at this for me.


Here is my DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Shawn at 21:54:45.20 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1367 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ole2.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Documents and Settings\Shawn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {EA9E386F-6607-4C2B-A682-90E0EAE442CE} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [autochk] "rundll32.exe" c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [36X Raid Configurer] "c:\windows\system32\xRaidSetup.exe" boot
mRun: [JMB36X IDE Setup] "c:\windows\raidtool\xInsIDE.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [Kernel and Hardware Abstraction Layer] "c:\windows\KHALMNPR.EXE"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [<NO NAME>]
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher.exe"
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [<NO NAME>] c:\windows\temp\gqp4fpd6.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\gqp4fpd6.exe
dRun: [Diagnostic Manager] c:\windows\temp\2123616880.exe
dRun: [A00FEFAA7.exe] c:\windows\temp\_A00FEFAA7.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\shawn\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\shawn\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210381608700
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\wkljzmxh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

============= SERVICES / DRIVERS ===============

R0 cn2487;cn2487;c:\windows\system32\drivers\cn2487.sys [2008-1-27 31744]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-5-9 13696]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [2009-3-28 5543]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
R2 OLE multi config;OLE multi config;c:\windows\system32\ole2.exe [2009-4-19 221184]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-13 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-13 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-13 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-2 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-2-5 1181040]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-5-16 3768]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\drivers\LStone2k.sys [2009-3-28 247936]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2005-3-10 227584]
S3 MovGDrv32;MovGDrv32;c:\windows\system32\drivers\MovGDrv32.sys [2008-8-10 508544]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [2009-1-28 11328]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2009-3-28 136352]
S3 PciCon;PciCon;\??\m:\pcicon.sys --> m:\PciCon.sys [?]
S3 PL2501NW;Hi-Speed USB-USB Network Adapter;c:\windows\system32\drivers\pl2501nw.sys --> c:\windows\system32\drivers\PL2501NW.sys [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-18 200704]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys --> c:\windows\system32\drivers\ulink.sys [?]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\vnic.sys --> c:\windows\system32\drivers\VNic.sys [?]

=============== Created Last 30 ================

2009-05-08 21:52 446 a------- c:\windows\system32\win32hlp.cnf
2009-05-08 21:45 24,064 a--sh--- c:\documents and settings\shawn\protect.dll
2009-05-08 21:18 <DIR> --d----- C:\VundoFix Backups
2009-05-08 21:17 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-08 21:17 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-08 19:11 3,610 a------- c:\windows\system32\tmp.reg
2009-05-08 07:20 66,048 a------- c:\windows\system32\lds.exe
2009-05-07 19:56 <DIR> --d----- c:\docume~1\shawn\applic~1\r2 Studios
2009-05-07 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\r2 Studios
2009-05-07 19:56 <DIR> --d----- c:\program files\r2 Studios
2009-05-06 10:53 <DIR> --d----- c:\program files\Coupons
2009-05-05 21:21 683 a------- c:\windows\wininit.ini
2009-05-05 14:33 99,328 a------- c:\windows\system32\icucbo.dll
2009-05-05 14:33 99,328 a------- c:\windows\system32\hhnfddth.dll
2009-05-05 14:07 99,328 a------- c:\windows\system32\qloyumpn.dll
2009-05-05 14:07 99,328 a------- c:\windows\system32\lixziz.dll
2009-05-05 13:40 99,328 a------- c:\windows\system32\evbmip.dll
2009-05-05 13:40 99,328 a------- c:\windows\system32\ariduuvd.dll
2009-05-05 12:59 <DIR> --d----- c:\docume~1\shawn\applic~1\Malwarebytes
2009-05-05 12:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-05 12:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 12:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-05 12:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 12:18 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-05-05 11:45 <DIR> --d----- c:\program files\common files\Microsoft Update Engine
2009-05-01 23:06 <DIR> --d----- c:\program files\nLite
2009-05-01 22:47 <DIR> --d----- C:\bbie
2009-05-01 22:36 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-01 21:14 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-05-01 21:14 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-01 21:10 5,376 a------- c:\windows\system32\MSPCLOCK.sys
2009-05-01 21:03 299,923 a------- c:\windows\system32\drivers\sonyhcs.sys
2009-05-01 21:03 102,220 a------- c:\windows\system32\drivers\sonypvs1.sys
2009-05-01 21:03 53,248 a------- c:\windows\system32\SONYHCY.DLL
2009-05-01 21:03 38,739 a------- c:\windows\system32\drivers\sonyhcc.sys
2009-05-01 21:03 6,097 a------- c:\windows\system32\drivers\sonyhcb.sys
2009-05-01 21:03 3,654 a------- c:\windows\system32\drivers\Sonyhcp.dll
2009-05-01 21:03 <DIR> --d----- C:\Drivers
2009-04-29 19:57 103,872 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-04-28 09:59 3,176 a------- c:\windows\system32\gafilter.sti
2009-04-28 09:59 4,808 a------- c:\windows\system32\gaeffect.sti
2009-04-28 08:16 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 08:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-26 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MediaMonkey
2009-04-26 09:51 <DIR> --d----- c:\program files\Walmart MP3 Music Downloads
2009-04-24 22:50 <DIR> --d----- c:\program files\common files\Stardock
2009-04-24 22:50 <DIR> --d----- c:\program files\Stardock
2009-04-24 22:46 427 a------- c:\windows\ULEAD32.INI
2009-04-24 22:46 1,056,768 a------- c:\windows\system32\ROBOEX32.DLL
2009-04-24 22:46 <DIR> --d----- c:\program files\Ulead Systems
2009-04-23 21:07 <DIR> --d----- c:\docume~1\shawn\applic~1\proDAD
2009-04-23 21:06 <DIR> --d----- c:\program files\LooksBuilderSE
2009-04-23 21:05 237,568 a----r-- c:\windows\system32\qtmlClient.dll
2009-04-23 21:05 69,632 a------- c:\windows\system32\MtxPreview.dll
2009-04-23 21:05 49,152 a------- c:\windows\system32\MtxParhBFXPreview.dll
2009-04-23 21:05 49,152 a------- c:\windows\system32\CvoAPI.dll
2009-04-23 21:05 45,056 a------- c:\windows\system32\BFXSrcFilter.ax
2009-04-23 21:05 0 a------- c:\windows\Graffiti5.2Pin.ini
2009-04-23 21:05 <DIR> --d----- c:\program files\Boris FX, Inc
2009-04-23 21:00 <DIR> --d----- c:\program files\common files\Pinnacle
2009-04-23 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio Ultimate
2009-04-23 20:55 <DIR> --d----- c:\program files\common files\Yahoo!
2009-04-23 20:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Studio 12
2009-04-23 20:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio Plus
2009-04-22 09:28 <DIR> --d----- c:\docume~1\shawn\applic~1\Red Chair Software
2009-04-22 08:56 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-04-22 08:56 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-04-22 08:56 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-04-22 08:56 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-04-22 08:56 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-04-22 08:56 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-04-22 08:56 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-04-22 08:56 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-04-22 08:55 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-04-22 08:55 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-22 08:55 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-04-21 22:13 <DIR> --d----- c:\program files\AutoCAD 2010
2009-04-21 22:12 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-04-21 22:12 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-04-21 22:12 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-04-21 22:12 <DIR> --d----- c:\windows\Logs
2009-04-21 12:08 <DIR> --d----- c:\program files\caws
2009-04-20 21:28 111,992 a------- c:\windows\system32\acaptuser32.dll
2009-04-20 19:14 <DIR> --d----- c:\program files\Easy Icon Maker
2009-04-19 18:18 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-04-19 18:18 45,392 a------- c:\windows\system32\AdobePDF.dll
2009-04-19 16:18 151 a------- c:\windows\system32\dxcombin.inf
2009-04-19 16:18 221,184 a------- c:\windows\system32\ole2.exe
2009-04-19 12:07 <DIR> --d----- c:\docume~1\shawn\applic~1\Creative Home
2009-04-19 09:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Home
2009-04-19 08:54 <DIR> --d----- c:\program files\Microsoft Streets & Trips 2009
2009-04-19 00:29 <DIR> --d----- C:\CompChecker
2009-04-19 00:26 <DIR> --d----- c:\program files\MSECache
2009-04-19 00:10 <DIR> --d----- c:\program files\gBurner
2009-04-17 13:42 <DIR> --d----- c:\program files\PeerGuardian2
2009-04-17 13:32 361,600 a------- c:\windows\system32\drivers\tcpip.copy
2009-04-17 13:24 <DIR> --d----- c:\program files\uTorrent
2009-04-17 13:24 <DIR> --d----- c:\docume~1\shawn\applic~1\uTorrent
2009-04-16 22:24 <DIR> --d----- c:\program files\Vstplugins
2009-04-16 00:12 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 00:12 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 00:12 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 00:12 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 00:12 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 00:12 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 00:12 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 00:12 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 00:12 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 20:45 <DIR> --d----- C:\Bookmarks
2009-04-15 15:27 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 15:27 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:27 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:38 <DIR> --d----- c:\program files\SuperNZB
2009-04-14 21:32 <DIR> --d----- c:\program files\FLAC
2009-04-11 10:33 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-05-05 12:18 104,960 a------- c:\windows\system32\userinit.exe
2009-04-19 20:51 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-06 13:32 1,563,008 a------- c:\windows\WRSetup.dll
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 18:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-02 14:30 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-04-02 14:30 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-04-02 14:30 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-27 20:36 290,816 a------- c:\windows\system32\TubeFinder.exe
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-26 15:25 218,624 a------- c:\windows\system32\uxtheme.dll
2009-02-17 08:33 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:14 14,488 a------- c:\windows\system32\AcSignExtRes.dll
2009-02-09 04:13 429,720 a------- c:\windows\system32\AcSignOpt.exe
2009-02-09 04:13 43,160 a------- c:\windows\system32\AcSignIcon.dll
2009-02-09 04:13 29,848 a------- c:\windows\system32\AcSignExt.dll
2009-02-05 22:15 0 a------- c:\program files\WMHelper.log
2008-12-12 13:46 2,698,040 a------- c:\program files\UIXcontrols.dll
2008-12-12 13:45 1,682,232 a------- c:\program files\UIX.dll
2008-12-12 13:45 985,912 a------- c:\program files\ZuneShell.dll
2008-12-12 13:45 636,728 a------- c:\program files\ZuneDBApi.dll
2008-12-12 13:45 686,904 a------- c:\program files\UIX.renderapi.dll
2008-12-12 13:40 59,008 a------- c:\program files\ZuneDXVA2.dll
2008-12-12 13:40 50,304 a------- c:\program files\ZuneCfg.dll
2008-12-12 13:40 44,160 a------- c:\program files\ZuneConfig.exe
2008-12-12 13:40 43,136 a------- c:\program files\ZuneShellExt.dll
2008-12-12 13:40 39,552 a------- c:\program files\ZuneEnc.exe
2008-12-12 13:40 32,384 a------- c:\program files\UIXsup.dll
2008-12-12 13:40 21,120 a------- c:\program files\ZunePS.dll
2008-12-12 13:40 19,072 a------- c:\program files\ZuneShare.exe
2008-11-10 13:15 232,448 a------- c:\program files\l3codecp.acm
2008-09-12 15:42 802 a------- c:\program files\Zune.exe.config
2008-09-12 15:41 155,552 a------- c:\program files\softwaremap_frc.png
2008-09-12 15:41 1,922 a------- c:\program files\TopBar.gif
2008-09-12 15:41 1,885 a------- c:\program files\ZuneLogo.gif
2008-09-12 15:41 156,314 a------- c:\program files\softwaremap_esm.png
2008-09-12 15:41 152,910 a------- c:\program files\softwaremap.png
2008-09-12 15:41 302 a------- c:\program files\Background.jpg
2008-09-12 15:41 54 a------- c:\program files\Arrow.gif
2008-09-12 15:38 382,240 a------- c:\program files\WMHelper.dll
2008-06-26 18:02 0 -------- c:\documents and settings\shawn\Shawn_notes.dat
2007-08-27 16:56 1,089,440 a------- c:\program files\msidcrl40.dll
2008-06-26 14:17 1,264 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:55:13.95 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:54 PM

Posted 09 May 2009 - 05:22 AM

Hi swake13,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will also let you know that I am a trainee so each stage of the fix will need to be checked by an expert coach before I post so there may be a slight delay. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 swake13

swake13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 09 May 2009 - 07:43 AM

Hello m0le!

Thank you for taking this on. I envy you for what you're learning.

I am here and will patiently await your instructions.

Thanks again!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:54 PM

Posted 10 May 2009 - 10:02 AM

Hi swake13,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

On with the fix...

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 swake13

swake13
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 10 May 2009 - 10:32 PM

Thanks m0le.

Here is my Combofix.txt log.

ComboFix 09-05-09.05 - Shawn 05/10/2009 22:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1552 [GMT -5:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\protect.dll
c:\documents and settings\NetworkService\protect.dll
c:\documents and settings\Shawn\protect.dll
c:\documents and settings\Shawn\Start Menu\Programs\StartUp\ChkDisk.dll
c:\documents and settings\Shawn\Start Menu\Programs\StartUp\ChkDisk.lnk
c:\windows\system32\ariduuvd.dll
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\drivers\ovfsthxpfdufuoa.sys
c:\windows\system32\evbmip.dll
c:\windows\system32\hhnfddth.dll
c:\windows\system32\icucbo.dll
c:\windows\system32\lixziz.dll
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfsthxmwqfssqi.dll
c:\windows\system32\ovfsthxnvijvvat.dat
c:\windows\system32\ovfsthxpqmegcqm.dll
c:\windows\system32\ovfsthxsesceyqb.dat
c:\windows\system32\ovfsthxuycqdivi.dll
c:\windows\system32\qloyumpn.dll
c:\windows\system32\tmp.reg
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxmnipvmum


((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-09 02:18 . 2009-05-09 02:18 -------- d-----w C:\VundoFix Backups
2009-05-08 12:20 . 2009-05-08 12:20 66048 ----a-w c:\windows\system32\lds.exe
2009-05-08 00:56 . 2009-05-08 00:56 -------- d-----w c:\documents and settings\Shawn\Application Data\r2 Studios
2009-05-08 00:56 . 2009-05-08 00:56 -------- d-----w c:\documents and settings\All Users\Application Data\r2 Studios
2009-05-08 00:56 . 2009-05-08 00:56 -------- d-----w c:\program files\r2 Studios
2009-05-06 15:53 . 2009-05-08 13:51 -------- d-----w c:\program files\Coupons
2009-05-06 04:21 . 2009-05-06 06:19 -------- d-----w c:\documents and settings\Shawn\Application Data\Download Manager
2009-05-05 17:59 . 2009-05-05 17:59 -------- d-----w c:\documents and settings\Shawn\Application Data\Malwarebytes
2009-05-05 17:59 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 17:59 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 17:59 . 2009-05-05 17:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-05 17:59 . 2009-05-05 17:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-05 17:18 . 2009-05-05 17:18 104960 -c--a-w c:\windows\system32\dllcache\userinit.exe
2009-05-05 17:04 . 2009-05-05 17:04 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-05 16:47 . 2009-05-05 16:47 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-05 16:45 . 2009-05-05 16:49 -------- d-----w c:\program files\Common Files\Microsoft Update Engine
2009-05-02 04:06 . 2009-05-02 04:51 -------- d-----w c:\program files\nLite
2009-05-02 03:47 . 2009-05-02 03:49 -------- d-----w C:\bbie
2009-05-02 03:36 . 2009-05-02 03:36 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-02 02:14 . 2008-04-13 18:45 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-02 02:14 . 2008-04-13 18:45 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-05-02 02:10 . 2008-04-13 18:39 5376 ----a-w c:\windows\system32\MSPCLOCK.sys
2009-05-02 02:03 . 2001-11-05 14:23 299923 ----a-w c:\windows\system32\drivers\sonyhcs.sys
2009-05-02 02:03 . 2001-07-04 01:39 3654 ----a-w c:\windows\system32\drivers\Sonyhcp.dll
2009-05-02 02:03 . 2001-11-05 14:23 38739 ----a-w c:\windows\system32\drivers\sonyhcc.sys
2009-05-02 02:03 . 2001-11-05 14:23 6097 ----a-w c:\windows\system32\drivers\sonyhcb.sys
2009-05-02 02:03 . 2001-07-04 01:33 53248 ----a-w c:\windows\system32\SONYHCY.DLL
2009-05-02 02:03 . 2002-10-16 03:41 102220 ----a-w c:\windows\system32\drivers\sonypvs1.sys
2009-05-02 02:03 . 2009-05-02 02:03 -------- d-----w C:\Drivers
2009-04-30 00:57 . 2009-04-30 00:57 103872 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2009-04-29 23:41 . 2009-04-29 23:41 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-04-28 13:16 . 2009-05-06 02:13 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 13:16 . 2009-05-08 23:41 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 15:48 . 2009-04-26 15:48 -------- d-----w c:\documents and settings\All Users\Application Data\MediaMonkey
2009-04-26 14:51 . 2009-04-26 14:51 -------- d-----w c:\documents and settings\Shawn\Local Settings\Application Data\Walmart MP3 Music Downloads
2009-04-26 14:51 . 2009-04-26 14:51 -------- d-----w c:\program files\Walmart MP3 Music Downloads
2009-04-25 03:50 . 2009-04-25 03:50 -------- d-----w c:\program files\Common Files\Stardock
2009-04-25 03:50 . 2009-04-25 03:50 -------- d-----w c:\program files\Stardock
2009-04-25 03:46 . 2009-04-25 03:46 -------- d-----w c:\program files\Ulead Systems
2009-04-25 03:46 . 1999-10-15 17:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-24 02:07 . 2009-04-24 02:07 -------- d-----w c:\documents and settings\Shawn\Application Data\proDAD
2009-04-24 02:06 . 2009-04-24 02:07 -------- d-----w c:\program files\LooksBuilderSE
2009-04-24 02:05 . 2003-06-26 15:04 237568 ----a-r c:\windows\system32\qtmlClient.dll
2009-04-24 02:05 . 2003-07-01 21:49 69632 ----a-w c:\windows\system32\MtxPreview.dll
2009-04-24 02:05 . 2003-07-01 21:49 49152 ----a-w c:\windows\system32\MtxParhBFXPreview.dll
2009-04-24 02:05 . 2003-01-20 14:08 49152 ----a-w c:\windows\system32\CvoAPI.dll
2009-04-24 02:05 . 2009-04-24 02:05 -------- d-----w c:\program files\Boris FX, Inc
2009-04-24 02:00 . 2009-04-24 02:00 -------- d-----w c:\program files\Common Files\Pinnacle
2009-04-24 02:00 . 2009-04-24 02:00 -------- d-----w c:\documents and settings\Shawn\Local Settings\Application Data\Downloaded Installations
2009-04-24 02:00 . 2009-04-24 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\program files\Common Files\Yahoo!
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\documents and settings\All Users\Application Data\Studio 12
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2009-04-22 14:28 . 2009-04-22 14:28 -------- d-----w c:\documents and settings\Shawn\Application Data\Red Chair Software
2009-04-22 13:56 . 2008-07-31 15:41 68616 ----a-w c:\windows\system32\XAPOFX1_1.dll
2009-04-22 13:56 . 2008-07-31 15:40 509448 ----a-w c:\windows\system32\XAudio2_2.dll
2009-04-22 13:56 . 2008-07-31 15:41 238088 ----a-w c:\windows\system32\xactengine3_2.dll
2009-04-22 13:56 . 2008-07-12 13:18 1493528 ----a-w c:\windows\system32\D3DCompiler_39.dll
2009-04-22 13:56 . 2008-07-12 13:18 467984 ----a-w c:\windows\system32\d3dx10_39.dll
2009-04-22 13:56 . 2008-07-12 13:18 3851784 ----a-w c:\windows\system32\D3DX9_39.dll
2009-04-22 13:56 . 2007-05-16 21:45 443752 ----a-w c:\windows\system32\d3dx10_34.dll
2009-04-22 13:56 . 2007-05-16 21:45 1124720 ----a-w c:\windows\system32\D3DCompiler_34.dll
2009-04-22 13:55 . 2007-05-16 21:45 3497832 ----a-w c:\windows\system32\d3dx9_34.dll
2009-04-22 13:55 . 2006-11-29 18:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-22 13:55 . 2006-09-28 21:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-04-22 03:13 . 2009-04-22 03:22 -------- d-----w c:\program files\AutoCAD 2010
2009-04-22 03:12 . 2008-03-05 20:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-04-22 03:12 . 2008-02-06 04:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-04-22 03:12 . 2008-03-05 20:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-04-22 03:12 . 2009-04-22 03:12 -------- d-----w c:\windows\Logs
2009-04-21 17:08 . 2009-04-21 17:10 -------- d-----w c:\program files\caws
2009-04-21 02:28 . 2009-02-27 17:55 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-04-21 00:14 . 2009-04-21 00:16 -------- d-----w c:\program files\Easy Icon Maker
2009-04-19 23:18 . 2008-04-07 10:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-19 23:18 . 2008-04-07 10:38 45392 ----a-w c:\windows\system32\AdobePDF.dll
2009-04-19 21:28 . 2009-05-11 03:03 1082144 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-19 21:18 . 2009-04-19 21:18 221184 ----a-w c:\windows\system32\ole2.exe
2009-04-19 21:09 . 2009-04-19 21:09 -------- d-----w c:\program files\Adobe Media Player
2009-04-19 21:02 . 2009-04-19 21:02 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-19 17:07 . 2009-04-19 17:07 -------- d-----w c:\documents and settings\Shawn\Application Data\Creative Home
2009-04-19 14:36 . 2009-04-25 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Creative Home
2009-04-19 13:54 . 2009-04-19 13:55 -------- d-----w c:\program files\Microsoft Streets & Trips 2009
2009-04-19 05:29 . 2009-04-19 05:29 -------- d-----w C:\CompChecker
2009-04-19 05:26 . 2009-04-19 05:26 -------- d-----w c:\program files\MSECache
2009-04-19 05:10 . 2009-04-19 05:10 -------- d-----w c:\program files\gBurner
2009-04-17 18:42 . 2009-05-08 01:00 -------- d-----w c:\program files\PeerGuardian2
2009-04-17 18:24 . 2009-04-17 18:24 -------- d-----w c:\program files\uTorrent
2009-04-17 18:24 . 2009-05-08 12:26 -------- d-----w c:\documents and settings\Shawn\Application Data\uTorrent
2009-04-17 03:30 . 2009-04-17 03:30 -------- d-----w c:\documents and settings\Shawn\Application Data\Publish Providers
2009-04-17 03:30 . 2009-04-17 03:30 -------- d-----w c:\documents and settings\Shawn\Local Settings\Application Data\Sony
2009-04-17 03:24 . 2009-04-17 03:24 -------- d-----w c:\program files\Vstplugins
2009-04-16 05:12 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:12 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 05:12 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 05:12 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:12 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:12 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:12 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:12 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:12 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 02:02 . 2009-04-16 02:02 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-16 01:45 . 2009-04-16 01:45 -------- d-----w C:\Bookmarks
2009-04-15 20:27 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 20:27 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 17:43 . 2009-04-15 17:43 -------- d-----w c:\documents and settings\Shawn\Local Settings\Application Data\Identities
2009-04-15 14:38 . 2009-04-15 14:38 -------- d-----w c:\program files\SuperNZB
2009-04-15 02:32 . 2009-04-15 02:32 -------- d-----w c:\program files\FLAC
2009-04-11 15:33 . 2009-04-11 15:33 -------- d-sh--w c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 15:12 . 2008-07-25 14:10 -------- d-----w c:\program files\Nero
2009-05-08 13:51 . 2008-07-29 02:40 -------- d-----w c:\program files\Collectorz.com
2009-05-08 13:48 . 2008-05-16 00:48 -------- d-----w c:\program files\Common Files\Nero
2009-05-08 02:13 . 2008-05-10 01:39 183032 ----a-w c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 17:16 . 2009-05-06 17:16 -------- d-----w c:\windows\Fonts\Fonts
2009-05-05 17:18 . 2003-03-31 12:00 104960 ----a-w c:\windows\system32\userinit.exe
2009-05-05 17:03 . 2008-05-10 06:09 -------- d-----w c:\program files\Common Files\Adobe
2009-05-02 02:03 . 2008-05-10 01:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 16:47 . 2008-05-22 06:30 -------- d-----w c:\program files\Microsoft Works
2009-04-27 00:14 . 2008-05-10 15:19 -------- d-----w c:\program files\Java
2009-04-26 14:24 . 2008-08-17 01:01 -------- d-----w c:\program files\Sprint Instinct Applications
2009-04-25 02:56 . 2008-05-14 14:04 -------- d-----w c:\program files\Sony
2009-04-25 02:53 . 2008-11-09 04:42 -------- d-----w c:\program files\Creative Home
2009-04-25 02:49 . 2008-05-13 05:00 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-24 02:07 . 2009-03-29 01:23 -------- d-----w c:\program files\proDAD
2009-04-24 02:04 . 2009-03-28 19:50 -------- d-----w c:\program files\Pinnacle
2009-04-22 14:28 . 2008-05-13 04:28 -------- d-----w c:\program files\Red Chair Software
2009-04-22 14:02 . 2008-05-13 05:00 -------- d-----w c:\program files\Autodesk
2009-04-20 01:51 . 2003-03-31 12:00 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-19 23:33 . 2008-08-15 13:59 -------- d-----w c:\program files\CCleaner
2009-04-15 14:46 . 2008-05-10 03:40 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-13 20:55 . 2009-04-06 03:52 164 ----a-w c:\windows\install.dat
2009-04-06 18:32 . 2008-05-10 02:10 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-06 13:28 . 2009-04-06 13:28 -------- d-----w c:\program files\Wallpaper Rotator
2009-04-06 01:30 . 2008-08-11 02:21 -------- d-----w c:\program files\Free FLV Converter
2009-04-02 23:08 . 2009-03-13 17:45 50192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 23:08 . 2009-03-13 17:45 50192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 23:08 . 2009-03-13 17:45 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-02 19:30 . 2008-08-06 18:58 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2008-08-06 18:58 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2008-08-09 19:42 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-29 01:17 . 2009-03-29 01:16 -------- d-----w c:\program files\AdorageI-GfxDatas
2009-03-29 01:16 . 2009-03-29 01:16 -------- d-----w c:\program files\AdorageI-SAL
2009-03-28 23:18 . 2009-03-28 23:18 -------- d-----w c:\program files\SmartSound Software
2009-03-28 01:36 . 2008-08-11 02:21 290816 ----a-w c:\windows\system32\TubeFinder.exe
2009-03-14 14:18 . 2009-03-14 14:09 -------- d-----w c:\program files\Rhapsody
2009-03-13 17:45 . 2008-05-10 01:57 -------- d-----w c:\program files\Trend Micro
2009-03-13 15:18 . 2009-03-13 15:18 -------- d-----w c:\program files\7-Zip
2009-03-09 10:19 . 2008-12-01 22:18 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 09:34 . 2003-03-31 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 02:17 . 2009-03-13 17:33 36368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-03-06 02:17 . 2009-03-13 17:33 205328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-03-06 02:17 . 2009-03-13 17:33 1195512 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-03-03 23:12 . 2009-03-13 17:33 80400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-02-26 20:25 . 2003-03-31 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll
2009-02-06 03:15 . 2009-02-06 03:15 0 ----a-w c:\program files\WMHelper.log
2008-12-12 18:46 . 2008-12-12 18:46 2698040 ----a-w c:\program files\UIXcontrols.dll
2008-12-12 18:45 . 2008-12-12 18:45 985912 ----a-w c:\program files\ZuneShell.dll
2008-12-12 18:45 . 2008-12-12 18:45 636728 ----a-w c:\program files\ZuneDBApi.dll
2008-12-12 18:45 . 2008-12-12 18:45 1682232 ----a-w c:\program files\UIX.dll
2008-12-12 18:45 . 2008-12-12 18:45 686904 ----a-w c:\program files\UIX.renderapi.dll
2008-12-12 18:40 . 2008-12-12 18:40 59008 ----a-w c:\program files\ZuneDXVA2.dll
2008-12-12 18:40 . 2008-12-12 18:40 50304 ----a-w c:\program files\ZuneCfg.dll
2008-12-12 18:40 . 2008-12-12 18:40 44160 ----a-w c:\program files\ZuneConfig.exe
2008-12-12 18:40 . 2008-12-12 18:40 43136 ----a-w c:\program files\ZuneShellExt.dll
2008-12-12 18:40 . 2008-12-12 18:40 39552 ----a-w c:\program files\ZuneEnc.exe
2008-12-12 18:40 . 2008-12-12 18:40 32384 ----a-w c:\program files\UIXsup.dll
2008-12-12 18:40 . 2008-12-12 18:40 21120 ----a-w c:\program files\ZunePS.dll
2008-12-12 18:40 . 2008-12-12 18:40 19072 ----a-w c:\program files\ZuneShare.exe
2008-11-10 18:15 . 2008-11-10 18:15 232448 ----a-w c:\program files\l3codecp.acm
2008-09-12 20:42 . 2008-09-12 20:42 802 ----a-w c:\program files\Zune.exe.config
2008-09-12 20:41 . 2008-09-12 20:41 1922 ----a-w c:\program files\TopBar.gif
2008-09-12 20:41 . 2008-09-12 20:41 1885 ----a-w c:\program files\ZuneLogo.gif
2008-09-12 20:41 . 2008-09-12 20:41 155552 ----a-w c:\program files\softwaremap_frc.png
2008-09-12 20:41 . 2008-09-12 20:41 54 ----a-w c:\program files\Arrow.gif
2008-09-12 20:41 . 2008-09-12 20:41 302 ----a-w c:\program files\Background.jpg
2008-09-12 20:41 . 2008-09-12 20:41 156314 ----a-w c:\program files\softwaremap_esm.png
2008-09-12 20:41 . 2008-09-12 20:41 152910 ----a-w c:\program files\softwaremap.png
2008-09-12 20:38 . 2008-09-12 20:38 382240 ----a-w c:\program files\WMHelper.dll
2007-08-27 21:56 . 2007-08-27 21:56 1089440 ----a-w c:\program files\msidcrl40.dll
2008-05-10 05:57 . 2008-05-10 05:49 48 --sh--w c:\windows\SD652A234.tmp
2008-06-26 19:17 . 2008-05-17 16:36 1264 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-20 01:51 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 00:12 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-05 17:18 104960 8AE20893068F58D97EDE547B922D3505 c:\windows\system32\userinit.exe
[-] 2009-05-05 17:18 104960 8AE20893068F58D97EDE547B922D3505 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"Kernel and Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2008-02-29 76304]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-06-20 16:09 10536 ------w c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ------w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ePad995.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ePad995.lnk
backup=c:\windows\pss\ePad995.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
backup=c:\windows\pss\Event Planner Reminder 2008.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shawn^Start Menu^Programs^Startup^Sprint media monitor.lnk]
path=c:\documents and settings\Shawn\Start Menu\Programs\Startup\Sprint media monitor.lnk
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 cn2487;cn2487;c:\windows\system32\drivers\cn2487.sys [1/27/2008 9:26 AM 31744]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [5/9/2008 9:27 PM 13696]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [3/28/2009 3:06 PM 5543]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 12:45 AM 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [9/2/2003 4:06 PM 20064]
R2 OLE multi config;OLE multi config;c:\windows\system32\ole2.exe [4/19/2009 4:18 PM 221184]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/13/2009 12:45 PM 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/13/2009 12:33 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/13/2009 12:46 PM 677128]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2/5/2009 3:46 PM 1181040]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [5/16/2008 9:35 PM 3768]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\drivers\LStone2k.sys [3/28/2009 3:06 PM 247936]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [3/10/2005 7:42 AM 227584]
S3 MovGDrv32;MovGDrv32;c:\windows\system32\drivers\MovGDrv32.sys [8/10/2008 6:02 PM 508544]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys [1/28/2009 10:24 PM 11328]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [3/28/2009 3:01 PM 136352]
S3 PciCon;PciCon;\??\m:\pcicon.sys --> m:\PciCon.sys [?]
S3 PL2501NW;Hi-Speed USB-USB Network Adapter;c:\windows\system32\DRIVERS\PL2501NW.sys --> c:\windows\system32\DRIVERS\PL2501NW.sys [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [10/18/2008 7:31 AM 200704]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4c9bc6f-1dff-11dd-8050-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f671c19a-22b2-11dd-bb89-001b11bae529}]
\Shell\AutoRun\command - o:\wd_windows_tools\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-05-07 c:\windows\Tasks\wrSpySweeper_L09904FA00C7A47AE89BA56DB640087F8.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-06 18:32]

2009-05-07 c:\windows\Tasks\wrSpySweeper_L09904FA00C7A47AE89BA56DB640087F8.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-06 18:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{EA9E386F-6607-4C2B-A682-90E0EAE442CE} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\gqp4fpd6.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\2123616880.exe
HKU-Default-Run-A00FEFAA7.exe - c:\windows\TEMP\_A00FEFAA7.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Shawn\Application Data\Mozilla\Firefox\Profiles\wkljzmxh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,bf,3d,c6,cd,0c,
70,d9,e4,2e,e8,e1,00,eb,16,2b,de,b1,a5,7b,7e,d7,0c,dd,64,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,5d,97,69,e5,12,
56,9e,ad,46,47,15,b0,92,4b,c7,ef,05,af,0a,5e,1e,df,6a,3a,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e6,76,82,38,8c,
c2,ed,47,7a,45,05,fd,91,e8,6f,31,46,8c,6f,70,61,30,93,20,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,da,39,d3,bb,
e6,42,eb,6b,65,49,6a,7e,99,74,f7,e4,8e,3c,38,b1,2b,c3,8a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,5c,99,7c,ce,2f,
73,ff,25,e9,02,6c,fa,fb,1d,47,57,e7,49,ae,25,d2,ec,4a,63,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f4,64,8d,5e,ca,
d3,56,cb,50,93,e5,ab,ec,6a,4e,ab,01,f4,02,9f,9e,f5,7e,a8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,bc,6f,a9,4d,a0,
f0,36,0e,97,20,4e,9a,c7,f1,35,ee,79,13,fb,d9,f4,67,a5,9a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e5,24,09,c4,86,
a9,c0,a5,aa,52,c6,00,84,3c,26,64,f3,15,90,4b,02,f1,ac,3c,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6d,eb,df,00,96,
36,28,52,b2,46,9a,e2,1b,fe,1b,94,6f,34,f5,0a,38,74,fd,1a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙À•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\SETUPAPI.dll
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-05-11 22:15
ComboFix-quarantined-files.txt 2009-05-11 03:15

Pre-Run: 382,052,884,480 bytes free
Post-Run: 382,036,238,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

494 --- E O F --- 2009-04-29 23:42

#6 m0le


Posted 14 May 2009 - 11:52 AM

Hi swake13,

If you just reinstalled then you are likely to still be infected. Please do the following scan so I can see what remains.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please also post your MBAM log.

Thanks :thumbup2:
m0le is a proud member of UNITE

#7 swake13


Posted 14 May 2009 - 03:13 PM

Here is the MBAM log file:

Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 5.1.2600 Service Pack 3

5/14/2009 3:06:59 PM
mbam-log-2009-05-14 (15-06-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 238329
Time elapsed: 1 hour(s), 17 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the OTViewit.txt log:

OTViewIt logfile created on: 5/14/2009 12:39:04 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Shawn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.05% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 361.95 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 451.19 Gb Free Space | 96.87% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 102.85 Gb Free Space | 92.01% Space Free | Partition Type: NTFS
Drive F: | 1.93 Gb Total Space | 1.03 Gb Free Space | 53.50% Space Free | Partition Type: FAT
Drive G: | 114.48 Gb Total Space | 113.86 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAWN-DESK
Current User Name: Shawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/04/13 15:57:26 | 01,181,040 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
[2008/01/19 01:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfHost.exe
[2009/03/03 03:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/06/20 11:09:14 | 00,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/06/20 11:09:06 | 00,592,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
[2009/03/12 17:36:24 | 00,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
[2007/06/20 11:09:12 | 00,251,176 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
[2007/06/20 11:09:16 | 00,905,512 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2009/04/19 16:18:31 | 00,221,184 | ---- | M] () -- C:\WINDOWS\system32\ole2.exe
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
[2009/03/31 22:24:36 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2009/03/31 22:24:54 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2009/04/02 14:29:58 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[2009/03/31 22:24:58 | 00,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2004/12/20 17:12:36 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
[2006/03/20 17:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/04/06 13:32:48 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2009/05/09 19:12:58 | 04,021,184 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/12 13:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
[2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[2009/04/02 14:29:58 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
[2007/06/20 11:09:10 | 00,470,312 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
[2007/06/20 11:09:10 | 00,529,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2host.exe
[2007/06/20 11:09:12 | 00,440,104 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2printh.exe
[2007/06/20 11:09:08 | 00,341,800 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
[2009/05/14 12:37:33 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shawn\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Stopped])
[2008/09/16 12:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0 [Auto | Stopped])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2009/04/19 16:00:11 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/06/20 11:09:14 | 00,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC [Auto | Running])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2009/03/12 17:36:24 | 00,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32 [Auto | Running])
[2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2009/04/19 16:18:31 | 00,221,184 | ---- | M] () -- C:\WINDOWS\system32\ole2.exe -- (OLE multi config [Auto | Running])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2009/03/31 22:24:36 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/10/17 14:42:58 | 00,200,704 | ---- | M] (SoundMovieServer) -- C:\WINDOWS\system32\snmvtsvc.exe -- (SoundMovieServer [On_Demand | Stopped])
[2009/03/03 03:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2009/03/31 22:24:54 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2009/04/02 14:29:58 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2009/04/13 15:57:26 | 01,181,040 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService [Auto | Running])
[2008/12/12 13:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
[2008/12/12 13:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
[2008/12/12 13:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2006/05/10 11:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM [System | Stopped])
[2009/05/09 18:40:09 | 00,103,872 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2001/11/19 17:29:56 | 00,031,744 | ---- | M] (ACARD Technology Corp.) -- C:\WINDOWS\system32\drivers\cn2487.sys -- (cn2487 [Boot | Running])
[2008/01/11 01:15:28 | 00,018,838 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Stopped])
[2007/02/15 19:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2009/02/17 12:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2007/03/07 23:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2007/03/07 23:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2007/03/07 23:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2008/04/03 14:58:46 | 00,076,688 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2008/02/29 03:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
[2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2008/02/29 03:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2002/04/08 21:02:32 | 00,247,936 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\LStone2k.sys -- (LStone [System | Stopped])
[2005/03/10 07:42:00 | 00,227,584 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3 [On_Demand | Stopped])
[2004/06/21 16:03:22 | 00,078,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2002/01/29 11:16:00 | 00,005,543 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MemAlloc.sys -- (MemAlloc [System | Running])
[2003/09/02 16:06:38 | 00,020,064 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B [Auto | Running])
[2008/05/09 21:58:24 | 00,062,592 | ---- | M] (Chic Tech.) -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr [On_Demand | Stopped])
[2008/06/04 10:30:06 | 00,508,544 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\system32\drivers\MovGDrv32.sys -- (MovGDrv32 [On_Demand | Stopped])
[2008/10/17 14:53:40 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys -- (MovRVDrv32 [On_Demand | Running])
[2008/04/13 13:46:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2001/07/10 14:03:50 | 00,011,328 | ---- | M] (Genesys Logic) -- C:\WINDOWS\system32\drivers\genelan.sys -- (Ndisusb [On_Demand | Stopped])
[2001/12/03 12:55:12 | 00,026,560 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2 [On_Demand | Stopped])
[2000/07/16 11:52:42 | 00,136,352 | ---- | M] (Nogatech Ltd.) -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NUVision [On_Demand | Stopped])
[2001/12/03 12:55:14 | 00,155,264 | ---- | M] (Zoran Ltd.) -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (nuvvid2 [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 03:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/04/12 22:32:42 | 00,053,376 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Running])
[2006/06/01 08:41:26 | 00,034,944 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
[2006/06/01 08:41:28 | 00,013,184 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2005/04/12 22:34:02 | 00,414,464 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
[2008/04/14 00:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2003/03/31 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2003/03/31 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2002/03/19 10:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/13 00:16:33 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/10/17 14:53:38 | 00,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Running])
[2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/07/03 19:54:24 | 00,080,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2007/07/03 19:57:24 | 00,011,944 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2007/07/03 19:58:20 | 00,106,792 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2007/07/03 19:59:10 | 00,086,824 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
[2009/04/02 14:30:08 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2009/04/02 14:30:10 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (SSHRMD [Boot | Running])
[2009/04/02 14:30:12 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (SSIDRV [Boot | Running])
[2008/01/04 20:34:36 | 00,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD [On_Demand | Stopped])
[2009/04/02 18:08:54 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2009/04/02 18:08:48 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2009/04/02 18:08:52 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2009/03/05 21:17:48 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2009/03/03 18:12:44 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2009/03/05 21:17:48 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2009/03/05 21:17:48 | 01,195,512 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2008/03/27 17:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2006/11/02 08:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB [On_Demand | Running])
[2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2008/11/10 13:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{EA9E386F-6607-4C2B-A682-90E0EAE442CE} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" boot (JMicron Technology Corp.)
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon (Citrix Online, a division of Citrix Systems, Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" ()
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" (Logitech, Inc.)
"NvCplDaemon"="RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"="RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
"nwiz"="nwiz.exe" /install ()
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)
"StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" (r2 studios)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" (SlySoft, Inc.)
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer-Networking Ltd.)

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" (SlySoft, Inc.)
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer-Networking Ltd.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoLogoff"=0
"NoRecentDocsMenu"=01 00 00 00 [binary data]
"ClearRecentDocsOnExit"=01 00 00 00 [binary data]
"NoRecentDocsHistory"=01 00 00 00 [binary data]
"NoRecentDocsNetHood"=01 00 00 00 [binary data]
"NoSMMyDocs"=01 00 00 00 [binary data]
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoNetworkConnections"=01 00 00 00 [binary data]
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoLogoff"=0
"NoRecentDocsMenu"=01 00 00 00 [binary data]
"ClearRecentDocsOnExit"=01 00 00 00 [binary data]
"NoRecentDocsHistory"=01 00 00 00 [binary data]
"NoRecentDocsNetHood"=01 00 00 00 [binary data]
"NoSMMyDocs"=01 00 00 00 [binary data]
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoNetworkConnections"=01 00 00 00 [binary data]
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append Link Target to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
Open with WordPerfect: C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta [2005/06/21 15:54:18 | 00,002,506 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Append Link Target to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009/02/27 12:12:19 | 00,349,576 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
Open with WordPerfect: C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta [2005/06/21 15:54:18 | 00,002,506 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Button: Rip YouTube File -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2008/10/17 14:46:06 | 00,335,872 | ---- | M] ()
{38E51477-DDB4-4aed-9D61-D0C193E10749}: Menu: Rip YouTube file embedded in this page -- %ProgramFiles%\SoundTaxi\YouTubeRipper.dll [2008/10/17 14:46:06 | 00,335,872 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 range(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 range(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 range(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1210381608700 -- WUWebControl Class
{74C861A1-D548-4916-BC8A-FDE92EDFF62C}: http://mediaplayer.walmart.com/installer/install.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{165DA414-D0D5-49C7-88EF-B21528A031CD} (Servers: | Description: )
{2FDDE606-B20D-4BD0-B656-7EE45A24BA0E} (Servers: | Description: D-Link DGE-530T Gigabit Ethernet Adapter (rev.B))
{36E229C0-C6A5-4CC2-932B-C74B782E70DF} (Servers: | Description: 1394 Net Adapter)
{C20029A6-EAF3-4511-B060-6C796F3379D1} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\acaptuser32.dll
>[2009/02/27 12:55:21 | 00,111,992 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\acaptuser32.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
GoToMyPC: "DllName" = C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll -- C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/05/09 19:51:16 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4c9bc6f-1dff-11dd-8050-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4c9bc6f-1dff-11dd-8050-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4c9bc6f-1dff-11dd-8050-806d6172696f}\Shell\AutoRun\command]
""=I:\setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f671c19a-22b2-11dd-bb89-001b11bae529}\Shell\AutoRun\command]
""=O:\wd_windows_tools\WDSetup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/14 12:37:32 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shawn\Desktop\OTViewIt.exe
[2009/05/14 02:00:28 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/14 02:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/05/14 00:09:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/13 18:41:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2009/05/13 17:03:53 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/13 17:03:51 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/13 17:03:51 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/13 17:03:15 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/13 16:33:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/13 16:18:41 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/13 16:18:41 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/13 16:18:41 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/13 16:18:41 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/13 16:18:40 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/13 16:18:40 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/13 16:18:40 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/13 16:18:40 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/13 16:18:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/13 16:18:40 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/13 16:18:38 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/13 16:18:37 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/13 16:18:36 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/13 16:18:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/13 16:18:36 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/13 16:18:36 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/13 16:18:36 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/13 16:18:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/13 16:18:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/13 16:18:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/13 16:18:33 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/13 16:18:33 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/13 16:18:31 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/13 16:18:31 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/13 16:18:31 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/13 16:18:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/13 16:18:31 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/13 16:18:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/13 16:18:31 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/13 16:18:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/13 16:18:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/13 16:18:30 | 00,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/13 16:18:30 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/13 16:18:30 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/13 16:18:30 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/13 16:18:30 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/13 16:18:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/13 16:18:30 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/13 16:18:29 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/13 16:18:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/13 16:18:29 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/13 16:18:29 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/13 16:18:29 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/13 16:18:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/13 16:18:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/13 16:18:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/13 16:18:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/13 16:18:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/13 16:18:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/13 16:18:29 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/13 16:18:28 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/13 16:18:26 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/13 16:18:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/13 16:18:25 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/13 16:18:25 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/13 16:18:25 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/13 16:18:25 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/13 16:18:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/13 16:18:23 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/13 16:18:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/13 16:18:22 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/13 16:18:22 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/13 16:18:22 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/13 16:18:21 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/13 16:18:20 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/13 16:18:20 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/13 16:18:20 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/13 16:18:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/13 16:18:19 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/13 16:18:16 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/13 16:18:16 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/13 16:18:15 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/13 16:18:13 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/13 16:18:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/05/13 16:18:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/05/13 16:18:04 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/13 16:18:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/13 16:18:04 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/13 16:18:04 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/13 16:18:03 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/13 16:18:03 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/13 16:18:02 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/13 16:18:02 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/13 16:18:02 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/13 16:18:02 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/13 16:18:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/13 16:18:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/13 16:18:00 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/05/13 16:18:00 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/05/13 16:17:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/13 16:17:59 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/13 16:17:59 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/13 16:17:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/13 16:17:58 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/13 16:17:57 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/05/13 16:17:57 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/13 16:17:57 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/05/13 16:17:57 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/05/13 16:17:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/13 16:17:57 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/13 16:17:56 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/13 16:17:56 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/13 16:17:56 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/13 16:17:56 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/13 16:17:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/13 16:17:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/13 16:17:56 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/13 16:17:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/13 16:17:55 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/13 16:17:55 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/13 16:17:55 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/13 16:17:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/13 16:17:53 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/05/13 16:17:53 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/13 16:17:52 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/05/13 16:17:52 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/05/13 16:17:52 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/05/13 16:17:52 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/05/13 16:17:52 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/05/13 16:17:52 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/05/13 16:17:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/05/13 16:17:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/05/13 16:17:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/05/13 16:17:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/05/13 16:17:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/05/13 16:17:51 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/05/13 16:17:51 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/05/13 16:17:51 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/05/13 16:17:51 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/05/13 16:17:51 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/05/13 16:17:51 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/05/13 16:17:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/05/13 16:17:51 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/05/13 16:17:51 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/05/13 16:17:51 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/05/13 16:17:50 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/13 16:17:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/05/13 16:17:50 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/13 16:17:50 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/13 16:17:50 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/13 16:17:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/13 16:17:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/13 16:17:49 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/13 16:17:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/13 16:17:48 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/13 16:17:48 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/13 16:17:48 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/13 16:17:48 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/13 16:17:48 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/05/13 16:17:47 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/13 16:17:47 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/13 16:17:42 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/13 16:17:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/13 16:17:40 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/13 16:17:40 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/13 16:17:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/13 16:17:39 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/13 16:17:38 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/05/13 16:17:38 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/05/13 16:17:37 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/13 16:17:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/13 16:17:37 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/13 16:17:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/13 16:17:37 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/13 16:17:31 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/13 16:17:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/13 16:17:28 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/13 16:17:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/13 16:17:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/13 16:17:27 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/13 16:17:27 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/13 16:17:27 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/13 16:17:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/13 16:17:25 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/13 16:17:25 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/13 16:17:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/13 16:17:22 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/13 16:17:22 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/13 16:17:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/13 16:17:21 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/13 16:17:21 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/13 16:17:21 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/05/13 16:17:17 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/05/13 16:17:17 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/05/13 16:17:17 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/05/13 16:17:17 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/13 16:17:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/05/13 16:17:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/13 16:17:16 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/13 16:17:16 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/05/13 16:17:16 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/05/13 16:17:16 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/05/13 16:17:16 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/05/13 16:17:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/13 16:17:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/13 16:17:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/13 16:17:15 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/13 16:17:15 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/13 16:17:15 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/13 16:17:15 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/13 16:17:15 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/13 16:17:15 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/13 16:17:15 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/13 16:17:14 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/13 16:17:14 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/13 16:17:14 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/13 16:17:14 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/13 16:17:14 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/13 16:17:14 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/13 16:17:14 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/13 16:17:14 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/13 16:17:14 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/13 16:17:13 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/05/13 16:17:13 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/13 16:17:13 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/05/13 16:17:13 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/05/13 16:17:12 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/13 16:17:11 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/05/13 16:17:11 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/05/13 16:17:11 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/13 16:17:11 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/13 16:17:11 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/13 16:17:10 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/13 16:14:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/05/13 16:10:33 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/05/13 15:43:17 | 00,159,458 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/05/13 15:43:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV8801644.TMP
[2009/05/13 15:39:10 | 00,061,440 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\pclepim1.dll
[2009/05/13 15:39:10 | 00,046,592 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\vdrcodec.dll
[2009/05/13 15:32:53 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/05/13 15:32:36 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/13 15:32:36 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/13 15:32:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/13 15:32:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/13 15:32:22 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/05/13 15:32:22 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/13 15:32:22 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/13 15:32:22 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/13 15:32:22 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/13 15:32:22 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/13 15:32:22 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/13 15:32:22 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/13 15:32:22 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/13 15:32:22 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/13 15:32:22 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/13 15:32:22 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/13 15:32:22 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/13 15:32:22 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/13 15:32:22 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/13 15:32:22 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/13 15:32:22 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/13 15:32:21 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/13 15:32:21 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/13 13:18:38 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/05/13 02:02:09 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/11 11:54:52 | 00,010,102 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/05/11 07:34:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/10 21:52:57 | 00,000,211 | -HS- | C] () -- C:\Boot.bak
[2009/05/10 21:52:54 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/10 21:52:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/10 21:51:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/10 21:51:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/10 21:51:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/10 21:51:10 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/10 21:51:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/10 21:51:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/10 21:51:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/10 21:51:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/10 21:51:05 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/10 21:46:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/10 21:45:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/09 18:40:09 | 00,103,872 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2009/05/08 21:18:17 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/08 10:14:42 | 00,119,708 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090508_101440.reg
[2009/05/08 07:20:52 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\lds.exe
[2009/05/07 19:56:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\r2 Studios
[2009/05/07 19:56:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/05/07 19:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\r2 Studios
[2009/05/06 10:53:00 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/05/05 23:21:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\Download Manager
[2009/05/05 21:21:58 | 00,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/05 20:02:11 | 00,013,042 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090505_200209.reg
[2009/05/05 12:59:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\Malwarebytes
[2009/05/05 12:59:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 12:59:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 12:59:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 12:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 11:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Update Engine
[2009/05/02 20:24:33 | 00,228,048 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\Your Invoice at EverythingO...pdf
[2009/05/01 23:45:11 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2009/05/01 23:36:58 | 02,775,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2009/05/01 23:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\nLite
[2009/05/01 22:47:56 | 00,000,000 | ---D | C] -- C:\bbie
[2009/05/01 22:36:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/01 21:14:31 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/05/01 21:10:31 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPCLOCK.sys
[2009/05/01 21:03:36 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/05/01 21:03:36 | 00,000,000 | ---D | C] -- C:\Drivers
[2009/04/30 21:35:00 | 00,042,911 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\633492556345304408-cowbell.jpg
[2009/04/29 18:39:02 | 00,014,376 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090429_183859.reg
[2009/04/28 09:59:23 | 00,003,176 | ---- | C] () -- C:\WINDOWS\System32\gafilter.sti
[2009/04/28 09:59:22 | 00,004,808 | ---- | C] () -- C:\WINDOWS\System32\gaeffect.sti
[2009/04/28 08:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 08:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/26 10:48:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/04/26 09:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Local Settings\Application Data\Walmart MP3 Music Downloads
[2009/04/26 09:51:52 | 00,000,000 | ---D | C] -- C:\Program Files\Walmart MP3 Music Downloads
[2009/04/24 22:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2009/04/24 22:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/04/24 22:46:40 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/04/24 22:46:34 | 01,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2009/04/24 22:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2009/04/24 22:13:39 | 00,087,992 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090424_221337.reg
[2009/04/23 21:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\proDAD
[2009/04/23 21:06:56 | 00,000,000 | ---D | C] -- C:\Program Files\LooksBuilderSE
[2009/04/23 21:05:43 | 00,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/04/23 21:05:43 | 00,049,152 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\CvoAPI.dll
[2009/04/23 21:05:43 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BFXSrcFilter.ax
[2009/04/23 21:05:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009/04/23 21:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Boris FX, Inc
[2009/04/23 21:00:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2009/04/23 21:00:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Local Settings\Application Data\Downloaded Installations
[2009/04/23 21:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2009/04/23 20:55:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2009/04/23 20:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2009/04/23 20:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Projects
[2009/04/23 20:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2009/04/23 20:55:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009/04/22 09:28:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\Red Chair Software
[2009/04/22 09:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\My Documents\3dsMax
[2009/04/22 09:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\My Documents\3ds Max 2010 Tutorials
[2009/04/22 08:56:09 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/04/22 08:56:09 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/04/22 08:56:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/04/22 08:56:05 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/04/22 08:56:05 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/04/22 08:56:03 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/04/22 08:56:00 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/04/22 08:56:00 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/04/22 08:55:55 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/04/22 08:55:54 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/04/22 08:55:52 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/04/21 22:13:55 | 00,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2009/04/21 22:12:45 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/04/21 22:12:45 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/04/21 22:12:43 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/04/21 22:12:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/04/21 12:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\caws
[2009/04/20 21:28:45 | 00,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\acaptuser32.dll
[2009/04/20 19:16:31 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/04/20 19:14:50 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Icon Maker
[2009/04/19 21:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Desktop\Torrents
[2009/04/19 18:18:09 | 00,045,392 | ---- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2009/04/19 16:18:32 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\dxcombin.inf
[2009/04/19 16:18:31 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ole2.exe
[2009/04/19 16:09:55 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/04/19 16:02:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/19 12:07:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\Creative Home
[2009/04/19 09:36:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Home
[2009/04/19 09:07:06 | 00,135,844 | ---- | C] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090419_090659.reg
[2009/04/19 08:54:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips 2009
[2009/04/19 00:29:18 | 00,000,000 | ---D | C] -- C:\CompChecker
[2009/04/19 00:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/04/19 00:10:44 | 00,000,000 | ---D | C] -- C:\Program Files\gBurner
[2009/04/17 14:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\My Documents\My Received Files
[2009/04/17 13:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2009/04/17 13:32:33 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.copy
[2009/04/17 13:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/04/17 13:24:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\uTorrent
[2009/04/16 22:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Application Data\Publish Providers
[2009/04/16 22:30:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Local Settings\Application Data\Sony
[2009/04/16 22:24:51 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/04/15 20:45:12 | 00,000,000 | ---D | C] -- C:\Bookmarks
[2009/04/15 15:27:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 12:43:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shawn\Local Settings\Application Data\Identities
[2009/04/15 09:38:12 | 00,000,000 | ---D | C] -- C:\Program Files\SuperNZB
[2009/04/14 21:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\FLAC

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/14 12:37:33 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shawn\Desktop\OTViewIt.exe
[2009/05/14 02:00:29 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/14 02:00:04 | 00,001,768 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L09904FA00C7A47AE89BA56DB640087F8.job
[2009/05/13 19:35:14 | 00,000,124 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/13 18:46:01 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/13 18:46:01 | 00,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 18:46:01 | 00,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/13 18:42:44 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 18:41:23 | 02,571,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/13 18:41:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 18:41:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 18:29:14 | 00,000,151 | ---- | M] () -- C:\WINDOWS\System32\dxcombin.inf
[2009/05/13 18:28:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/13 16:53:00 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2009/05/13 16:53:00 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2009/05/13 16:39:42 | 00,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/13 16:38:02 | 00,164,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/13 16:37:44 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Shawn\My Documents\desktop.ini
[2009/05/13 16:21:11 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/13 16:16:48 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/05/13 16:16:45 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/13 16:16:44 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/13 16:16:44 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/13 16:16:32 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/13 16:15:11 | 00,000,592 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 16:13:17 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/13 16:11:21 | 00,000,282 | -HS- | M] () -- C:\boot.ini
[2009/05/13 16:10:33 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/05/13 15:32:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 15:32:23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/05/13 15:32:23 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/05/13 13:06:21 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Shawn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 02:02:09 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/12 17:05:17 | 00,010,102 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/11 22:03:05 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\mcs.rma
[2009/05/11 22:03:05 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Shawn\Application Data\E72F05
[2009/05/11 17:48:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/10 22:04:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/05/09 18:40:09 | 00,103,872 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2009/05/08 21:44:35 | 00,000,683 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/08 10:15:22 | 00,119,708 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090508_101440.reg
[2009/05/08 07:20:53 | 00,066,048 | ---- | M] () -- C:\WINDOWS\System32\lds.exe
[2009/05/07 23:30:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/07 22:17:11 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/05/07 21:13:10 | 00,183,032 | ---- | M] () -- C:\Documents and Settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/07 18:44:30 | 00,000,026 | ---- | M] () -- C:\WINDOWS\zip995.ini
[2009/05/07 02:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 20:02:15 | 00,013,042 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090505_200209.reg
[2009/05/02 20:24:36 | 00,228,048 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\Your Invoice at EverythingO...pdf
[2009/05/01 23:45:11 | 01,614,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2009/05/01 23:44:53 | 00,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll
[2009/05/01 23:44:53 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/05/01 23:44:53 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/05/01 23:44:53 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/05/01 23:44:53 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/05/01 23:44:53 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2009/05/01 23:44:53 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/05/01 23:44:53 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2009/05/01 23:44:53 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2009/05/01 23:44:53 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/05/01 23:44:53 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2009/05/01 23:44:53 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/05/01 23:44:53 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/05/01 23:44:53 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2009/05/01 23:44:53 | 00,052,224 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmutil.dll
[2009/05/01 23:44:53 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/05/01 23:44:53 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cnbjmon.dll
[2009/05/01 23:44:53 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2009/05/01 23:44:53 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2009/05/01 23:44:53 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2009/05/01 23:44:53 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2009/05/01 23:44:53 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2009/05/01 23:44:53 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pid.dll
[2009/05/01 23:44:53 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2009/05/01 23:44:53 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2009/05/01 23:44:53 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2009/05/01 23:44:53 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2009/05/01 23:44:53 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2009/05/01 23:44:53 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2009/05/01 23:44:53 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/05/01 23:44:53 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hid.dll
[2009/05/01 23:44:53 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/05/01 23:44:53 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2009/05/01 23:44:53 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2009/05/01 23:44:53 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pjlmon.dll
[2009/05/01 23:44:53 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2009/05/01 23:44:53 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2009/05/01 23:44:53 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2009/05/01 23:44:53 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/05/01 23:44:53 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/05/01 23:44:53 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/05/01 23:44:53 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/05/01 23:44:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2009/05/01 23:44:53 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/05/01 23:43:36 | 00,323,641 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrdtea.dll
[2009/05/01 23:43:36 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys
[2009/05/01 23:43:36 | 00,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll
[2009/05/01 23:43:36 | 00,147,968 | ---- | M] (RioPort) -- C:\WINDOWS\System32\mdwmdmsp.dll
[2009/05/01 23:43:36 | 00,102,457 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrv42a.dll
[2009/05/01 23:43:36 | 00,086,073 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrfaxa.dll
[2009/05/01 23:43:36 | 00,077,891 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2009/05/01 23:43:36 | 00,077,890 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrdpa.dll
[2009/05/01 23:43:36 | 00,077,883 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrrtosa.dll
[2009/05/01 23:43:36 | 00,072,192 | ---- | M] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\sprio800.dll
[2009/05/01 23:43:36 | 00,070,656 | ---- | M] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\sprio600.dll
[2009/05/01 23:43:36 | 00,069,700 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2009/05/01 23:43:36 | 00,069,699 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrcoina.dll
[2009/05/01 23:43:36 | 00,069,632 | ---- | M] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\spnike.dll
[2009/05/01 23:43:36 | 00,061,508 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2009/05/01 23:43:36 | 00,061,500 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrcntra.dll
[2009/05/01 23:43:36 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys
[2009/05/01 23:43:36 | 00,055,296 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2009/05/01 23:43:36 | 00,053,305 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrlbva.dll
[2009/05/01 23:43:36 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys
[2009/05/01 23:43:36 | 00,049,211 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrvpa.dll
[2009/05/01 23:43:36 | 00,049,211 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrsdpia.dll
[2009/05/01 23:43:36 | 00,049,209 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrv80a.dll
[2009/05/01 23:43:36 | 00,045,116 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrvoica.dll
[2009/05/01 23:43:36 | 00,041,019 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrsvpia.dll
[2009/05/01 23:43:36 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys
[2009/05/01 23:43:36 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wowfaxui.dll
[2009/05/01 23:43:36 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/05/01 23:43:36 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys
[2009/05/01 23:43:36 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys
[2009/05/01 23:43:36 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys
[2009/05/01 23:43:36 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys
[2009/05/01 23:43:36 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys
[2009/05/01 23:43:36 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\streamci.dll
[2009/05/01 23:43:36 | 00,003,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wowfax.dll
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 21:35:00 | 00,042,911 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\633492556345304408-cowbell.jpg
[2009/04/29 18:39:06 | 00,014,376 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090429_183859.reg
[2009/04/28 09:59:53 | 00,000,427 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2009/04/28 09:59:23 | 00,003,176 | ---- | M] () -- C:\WINDOWS\System32\gafilter.sti
[2009/04/28 09:59:22 | 00,004,808 | ---- | M] () -- C:\WINDOWS\System32\gaeffect.sti
[2009/04/24 22:13:43 | 00,087,992 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090424_221337.reg
[2009/04/22 08:57:00 | 00,007,241 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2009/04/20 19:16:31 | 00,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/19 17:24:15 | 00,001,665 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-093923.backup
[2009/04/19 17:24:15 | 00,001,665 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-092055.backup
[2009/04/19 16:18:31 | 00,221,184 | ---- | M] () -- C:\WINDOWS\System32\ole2.exe
[2009/04/19 09:07:10 | 00,135,844 | ---- | M] () -- C:\Documents and Settings\Shawn\My Documents\cc_20090419_090659.reg
< End of report >


Here is the Extras.txt log:

OTViewIt Extras logfile created on: 5/14/2009 12:39:04 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Shawn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.05% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 361.95 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 451.19 Gb Free Space | 96.87% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 102.85 Gb Free Space | 92.01% Space Free | Partition Type: NTFS
Drive F: | 1.93 Gb Total Space | 1.03 Gb Free Space | 53.50% Space Free | Partition Type: FAT
Drive G: | 114.48 Gb Total Space | 113.86 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAWN-DESK
Current User Name: Shawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"FirstRunDisabled"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2009/04/30 06:44:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2009/04/17 13:24:33 | 00,272,688 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
[2008/09/05 20:05:40 | 00,614,400 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
[2008/09/05 20:05:40 | 00,737,280 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager
[2008/09/05 20:05:40 | 00,323,584 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server
[2009/03/12 19:41:08 | 09,883,648 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit
[2009/03/12 17:36:24 | 00,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
[2009/03/12 17:36:08 | 10,812,928 | ---- | M] (mental images GmbH) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit
[2008/10/08 20:16:32 | 00,079,120 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager
[2008/10/08 20:46:44 | 06,268,176 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio
[2008/10/08 20:16:34 | 00,087,312 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/17 12:42:14 | 00,529,688 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}"=Zune Language Pack (FR)
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"=Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}"=Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1"=Spy Sweeper
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}"=Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 13
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}"=Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}"=Autodesk 3ds Max 2010 32-bit
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}"=MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3294DF7D-9A5B-443E-85D3-A00486AA0A92}"=DGE-530T
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3C26E039-BE18-4B5E-A723-45390C451819}"=Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}"=Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}"=Trend Micro AntiVirus
"{46D61287-50D4-46B9-B10B-B6DBCD023873}"=EASEUS Data Recovery Wizard 4.3.6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4C643986-DE3C-4737-8472-CCEC36CCC267}"=Studio Content CD
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1"=Sothink Movie DVD Maker
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}"=WordPerfect Office X3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}"=AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}"=AutoCAD 2010 Language Pack - English
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}"=GoToMyPC
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5EB90C06-964F-4195-B83E-BD7E55C88415}"=Pinnacle Video Driver
"{60A08432-00DD-0409-AC2C-143C75460878}"=Autodesk 3ds Max 2010 32-bit Components
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}"=Sony Sound Forge 9.0
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro AntiVirus
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{8912A802-1DD4-41F3-8450-B3209081BDB9}"=Sprint media manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}"=Ulead GIF Animator 5
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00D1-0409-0000-0000000FF1CE}"=Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}"=Microsoft English TTS Engine
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{96172E04-BB14-45F6-A77B-8EE7A421B903}"=SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}"=TTS Wrapper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}"=Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A6264FF6-C49D-4533-AF42-4875C38BB24C}"=Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
"{AC76BA86-1033-F400-7761-000000000004}"=Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_911"=Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}"=Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}"=MSXML 6.0 Parser
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}"=DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}"=Advertising Center
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}"=Studio 9 Content CD/DVD
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}"=Adobe Flash Player 9 ActiveX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}"=Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}"=Pinnacle Instant DVD Recorder
"{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}"=Hallmark Card Studio 2009 Deluxe
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}"=Microsoft Streets & Trips 2009
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}"=Adobe Photoshop Elements 7.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}"=Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}"=Pinnacle Studio 12 Ultimate Plugins
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}"=Nero 8
"{D7A6C517-11F2-419F-B5BB-27772B939698}"=NvMixer
"{E4848436-0345-47E2-B648-8B522FCDA623}"=Adobe Photoshop CS4
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}"=Autodesk 3ds Max 2010 Tutorials Files
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}"=Nero Installer
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}"=Zune Language Pack (ES)
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}"=Nero ControlCenter
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}"=Update Manager
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}"=Zune
"{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}"=Windows XP Winter Fun Pack for Windows Movie Maker 2
"344486de7ab185110bdf1c7532de8b59"=KONICA MINOLTA magicolor 2300 DL Printer Driver Software
"7-Zip"=7-Zip 4.65
"9E140F48C9836B9B78539C08FB2B17146BDB3F65"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe Photoshop Elements 7"=Adobe Photoshop Elements 7.0
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_acce07fd2c8fe7f9e3f26243e626578"=Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8"=Adobe Photoshop CS4
"AMP Font Viewer"=AMP Font Viewer
"Ant Renamer 2_is1"=Ant Renamer
"AnyDVD"=AnyDVD
"AutoCAD 2010 - English"=AutoCAD 2010 - English
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010"=Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Backup995"=Backup995
"CCleaner"=CCleaner (remove only)
"CDex"=CDex extraction audio
"CloneCD"=CloneCD
"CloneDVD2"=CloneDVD2
"CloneDVDmobile"=CloneDVDmobile
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"Complete Anonymous Web Surfing"=Complete Anonymous Web Surfing
"DVD Audio Extractor_is1"=DVD Audio Extractor 2.3.1
"Easy Icon Maker"=Easy Icon Maker
"ePad995"=ePad995
"ExpressRip"=Express Rip
"FairStars CD Ripper_is1"=FairStars CD Ripper 1.24
"FLAC"=FLAC 1.2.1b (remove only)
"Free CD Ripper_is1"=Free CD Ripper 3.1
"Free FLV Converter_is1"=Free FLV Converter V 6.23.0
"ftp995"=ftp995
"gBurner"=gBurner
"GeneLink Driver"=GeneLink Driver
"Hollywood FX 5.5 Additional Effects"=Hollywood FX 5.5 Additional Effects
"Hollywood FX Pack 26 - Extra FX"=Hollywood FX Pack 26 - Extra FX
"IconPackager"=IconPackager
"InstallShield_{3294DF7D-9A5B-443E-85D3-A00486AA0A92}"=DGE-530T
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Karen's Directory Printer"=Karen's Directory Printer
"Magic Bullet Looks Studio"=Magic Bullet Looks Studio
"magicolor 2300 DL"=magicolor 2300 DL
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MediaMonkey_is1"=MediaMonkey 3.0
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)"=Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19)
"nLite_is1"=nLite 1.4.9.1
"NVIDIA Drivers"=NVIDIA Drivers
"OfficeKB"=Media & Office Keyboard
"OmniFormat"=OmniFormat
"Pdf995"=Pdf995
"PdfEdit995"=PdfEdit995
"PeerGuardian_is1"=PeerGuardian 2.0
"PhotoEdit995"=PhotoEdit995
"Pinnacle Studio AV/DV"=Pinnacle Studio AV/DV
"Pinnacle Studio DC10plus"=Pinnacle Studio DC10plus
"Pinnacle Studio LINX"=Pinnacle Studio LINX
"proDAD-Heroglyph-1.0"=proDAD Heroglyph 1.0
"proDAD-Vitascene-1.0"=proDAD Vitascene 1.0
"PROR"=Microsoft Office Professional 2007
"RealPlayer 6.0"=RealPlayer
"Rhapsody"=Rhapsody
"SearchWithin"=SearchWithin
"Seven Remix XP"=Seven Remix XP 1.0.1
"ShapeCollage"=Shape Collage
"Signature995"=Signature995
"SoundTaxi_is1"=SoundTaxi 3.6.1
"Startup Delayer"=Startup Delayer v2.5 (build 138)
"SuperNZB_is1"=SuperNZB v3.2.1
"Tweak UI 2.10"=Tweak UI
"UltraPdf"=UltraPdf
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Walmart MP3 Music Downloads"=Walmart MP3 Music Downloads
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WordBrowser995"=WordBrowser995
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger
"Zip995"=Zip995
"Zune"=Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1770027372-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2009 11:22:23 AM | Computer Name = SHAWN-DESK | Source = ESENT | ID = 489
Description = wuauclt (5828) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/13/2009 11:22:23 AM | Computer Name = SHAWN-DESK | Source = ESENT | ID = 455
Description = wuaueng.dll (5828) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/13/2009 1:55:34 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 1:55:57 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 1:56:29 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:00:13 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:02:25 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:02:58 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application CloneDVD2.exe, version 2.9.2.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 2:06:47 PM | Computer Name = SHAWN-DESK | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 5:40:54 PM | Computer Name = SHAWN-DESK | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 5/13/2009 7:41:41 PM | Computer Name = SHAWN-DESK | Source = LStone | ID = 458753
Description = device not found - 0x0001.

Error - 5/13/2009 7:41:41 PM | Computer Name = SHAWN-DESK | Source = LStone | ID = 458753
Description = device not found - 0x0001.

Error - 5/13/2009 7:41:41 PM | Computer Name = SHAWN-DESK | Source = LStone | ID = 458753
Description = device not found - 0x0001.

Error - 5/13/2009 7:42:26 PM | Computer Name = SHAWN-DESK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Active File Monitor
V6 service to connect.

Error - 5/13/2009 7:42:26 PM | Computer Name = SHAWN-DESK | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V6 service failed to start due to the
following error: %%1053

Error - 5/13/2009 7:42:26 PM | Computer Name = SHAWN-DESK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Active File Monitor
V7 service to connect.

Error - 5/13/2009 7:42:26 PM | Computer Name = SHAWN-DESK | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/13/2009 7:42:31 PM | Computer Name = SHAWN-DESK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
LStone

Error - 5/14/2009 1:10:06 AM | Computer Name = SHAWN-DESK | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\SHAWN-DESK\Adobe PDF,0,LocalOnly
driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL error 1801.

Error - 5/14/2009 1:10:06 AM | Computer Name = SHAWN-DESK | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer Adobe PDF,0 driver Adobe
PDF Converter error 1801.


< End of report >


Thanks!

#8 m0le


Posted 15 May 2009 - 02:25 PM

Okay, your logs are clean. Good stuff! :thumbup2:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Here's a list of ways you can avoid problems in the future:


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it swake13, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE
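
The Java cleanup steps in the post above can be checked against a list of installed programs. The following is an added example, not part of the original post or any tool used in this thread: it sorts Add/Remove Programs names into entries that are current, entries that the post's note says the 6u13 installer removes (Updates 10 and above), and entries that need manual removal. The DisplayName formats and the sample list are assumptions constructed for illustration.

```python
import re

# Version the post tells the user to install (JRE 6 Update 13).
TARGET = (6, 13)
# Per the post's note, the 6u13 uninstaller removes Updates 10 and above.
AUTO_REMOVE_FROM = (6, 10)

# Assumed Add/Remove Programs DisplayName formats for the JRE families.
PATTERNS = [
    # "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1"
    re.compile(r"Java\(TM\)(?: SE Runtime Environment)? (\d+)(?: Update (\d+))?$"),
    # "J2SE Runtime Environment 5.0 Update 11"
    re.compile(r"J2SE Runtime Environment (\d+)\.0(?: Update (\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2_16"
    re.compile(r"Java 2 Runtime Environment, SE v1\.(\d+)\.\d+(?:_(\d+))?$"),
]

def parse_jre(display_name):
    """Return (major, update) for a JRE entry, or None if it is not a JRE."""
    for pat in PATTERNS:
        m = pat.search(display_name.strip())
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def classify(display_name):
    """Map an installed-program name to the action the post's steps imply."""
    ver = parse_jre(display_name)
    if ver is None:
        return "not-java"
    if ver >= TARGET:
        return "current"
    if ver >= AUTO_REMOVE_FROM:
        return "removed-by-installer"
    return "remove-manually"

# Constructed sample of Add/Remove Programs entries, not taken from the thread.
SAMPLE = [
    "Java(TM) 6 Update 13",
    "Java(TM) 6 Update 11",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_16",
    "Adobe Reader 9.1",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{classify(name):22} {name}")
```

On a real machine the names would come from the Add/Remove Programs list; anything reported as remove-manually is what the post asks to be uninstalled before running the new installer.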

#9 swake13


Posted 15 May 2009 - 02:41 PM

THANK YOU! THANK YOU! THANK YOU!

I'll follow your other directions about Java....thanks again!

swake13 :thumbup2:

#10 m0le


Posted 15 May 2009 - 02:57 PM

You're welcome swake13.

The reinstall helped but make sure you update Java because that's a massive vulnerability for Vundo to exploit.

:thumbup2:
m0le is a proud member of UNITE

#11 swake13


Posted 15 May 2009 - 03:10 PM

Just finished the update...thanks! :thumbup2:



