malware doctor, googleredirect, locked task manager


  • This topic is locked
16 replies to this topic

#1 Jdel

Jdel

  • Members
  • 11 posts

Posted 20 May 2009 - 11:24 AM

Hi there, what once was just a browser-redirect a few weeks ago is getting more and more pervasive. Malware Doctor keeps popping up and Malwarebytes doesn't get rid of it. My task manager gets locked seemingly at random, and a random program boots up on restart and uses 100% of my CPU until I can cancel the processes, if I can get into my task manager. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:50 PM, on 5/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.geneseo.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56BB6D01-7BD5-4458-A4AE-F03DF643D6EE} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9860 bytes


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 May 2009 - 09:28 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Jdel

Jdel
  • Topic Starter

  • Members
  • 11 posts

Posted 21 May 2009 - 12:46 PM

Thanks so much for the help! Here's the OTListIt log:

OTListIt logfile created on: 5/21/2009 1:35:16 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 18.68 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELBELSO
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2004/08/04 08:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/25 02:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2004/04/11 12:43:44 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2003/09/17 11:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2004/04/11 21:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/03/15 02:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2003/08/06 17:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - File not found -- \?\globalroot\C:\WINDOWS\system32\rundll32.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2004/08/10 11:37:28 | 00,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/21 13:34:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2003/08/06 17:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/03/30 17:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
SRV - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/12/25 15:22:42 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 08:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/03/21 21:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/04 08:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2005/01/10 18:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004/08/22 17:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004/08/22 17:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/06/16 15:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2005/03/31 08:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2005/03/31 08:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Running])
DRV - [2005/03/31 08:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2005/03/31 08:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2003/03/04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/03/31 09:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/02/10 13:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2005/05/20 16:00:36 | 00,013,056 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2005/05/20 16:01:32 | 00,025,600 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/05/20 16:01:00 | 00,036,480 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Running])
DRV - [2005/05/20 16:01:26 | 00,068,352 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/22 12:34:51 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/10/07 14:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2005/01/10 18:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007/06/15 10:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/06 12:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/03 13:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 11:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 06:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/04 02:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2004/08/04 08:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.geneseo.edu/
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "webmail.geneseo.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {338101C0-2EEA-4865-8967-8A493C4611C6}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/15 21:29:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 21:29:05 | 00,000,000 | ---D | M]

[2009/04/06 01:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Extensions
[2009/04/06 01:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/15 21:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Firefox\Profiles\39r7dodh.default\extensions
[2008/05/18 19:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Firefox\Profiles\39r7dodh.default\extensions\moveplayer@movenetworks.com
[2009/05/15 21:23:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 14:13:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{338101C0-2EEA-4865-8967-8A493C4611C6}
[2009/04/06 01:39:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/23 12:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/02 19:03:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 19:03:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 19:04:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/02 19:04:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/02 19:04:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 19:04:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/02 19:04:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 22:41:48 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/05/02 19:04:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 19:04:10 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305250 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10535 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper File not found
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\.DEFAULT..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe ()
O4 - HKU\.DEFAULT..\Run: [SYS32DLL] SYS32DLL File not found
O4 - HKU\S-1-5-18..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe ()
O4 - HKU\S-1-5-18..\Run: [SYS32DLL] SYS32DLL File not found
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h File not found
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [autochk] rundll32.exe C:\DOCUME~1\Jim\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" File not found
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent File not found
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Civilization Registration.lnk = D:\ATR1.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 13:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 13:34:36 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[14 C:\Documents and Settings\Jim\My Documents\*.tmp files]
[2009/05/21 13:34:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe
[2009/05/20 23:13:20 | 00,023,552 | -HS- | C] ( ) -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/20 23:13:20 | 00,000,645 | -HS- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/20 23:13:15 | 00,023,552 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/20 23:13:14 | 00,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/20 22:56:32 | 00,689,873 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\r8gameminorversiongamemajorversiongameversion137.83535_041609_180238matchna.rec
[2009/05/19 20:52:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/19 20:20:20 | 00,675,187 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\2p_semois20090516015851.rec
[2009/05/19 18:00:04 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4.doc
[2009/05/19 17:46:31 | 32,202,30144 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/19 17:15:11 | 00,001,954 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
[2009/05/19 17:15:11 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/05/19 17:15:11 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
[2009/05/19 17:15:11 | 00,000,514 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Civilization Registration.lnk
[2009/05/19 16:51:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/19 15:54:30 | 00,023,040 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwizi.exe
[2009/05/19 15:54:17 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/05/19 15:54:17 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup.exe
[2009/05/18 15:17:39 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\201syl_ver.doc
[2009/05/16 08:46:11 | 36,760,9856 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x10 The Passage(2).avi
[2009/05/15 14:28:21 | 18,701,5936 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09Postrevl.wmv.asx
[2009/05/15 14:05:22 | 10,594,6779 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09.wmv.asx
[2009/05/15 07:28:57 | 00,000,190 | ---- | C] () -- C:\43214354.bat
[2009/05/14 10:33:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/14 10:11:13 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\JImISSjobresume.doc
[2009/05/14 10:10:57 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume.doc
[2009/05/13 18:30:45 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391outline.doc
[2009/05/13 18:30:36 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391finalfinal.doc
[2009/05/13 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/05/13 16:53:53 | 07,029,480 | ---- | C] () -- C:\WINDOWS\System32\8241_1.exe
[2009/05/13 00:15:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\~$st391paperfinal2.doc
[2009/05/12 21:23:13 | 00,000,852 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\FrostWire 4.18.0.lnk
[2009/05/12 21:21:50 | 07,366,832 | ---- | C] (FrostWire, LLC) -- C:\Documents and Settings\Jim\Desktop\frostwire-4.18.0.windows.exe
[2009/05/11 09:49:15 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391paperrevised.doc
[2009/05/10 20:03:30 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\span201-04 Spring2009.doc
[2009/05/10 09:07:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\My Documents\~$1outline.doc
[2009/05/09 19:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/05/09 16:04:03 | 01,557,461 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\_2.502_MorellooMix.rar
[2009/05/09 00:33:58 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/05/09 00:33:58 | 00,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/05/09 00:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/08 23:58:42 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/08 23:58:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/08 23:58:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/08 23:58:41 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/08 23:58:41 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/08 23:58:40 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/08 23:58:40 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/08 23:58:40 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/08 23:58:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/08 23:58:40 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/08 23:58:36 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/08 23:58:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/08 23:58:34 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/08 23:58:34 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/05/08 23:58:33 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/05/08 23:58:33 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/05/08 23:58:33 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/08 23:58:33 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/05/08 23:58:32 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/08 23:58:32 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/08 23:58:32 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/08 23:58:30 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/08 23:58:30 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/08 23:58:29 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/08 23:58:29 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/08 23:58:28 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/08 23:58:26 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/08 23:58:26 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/08 23:58:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/08 23:58:26 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/08 23:58:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/08 23:58:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/08 23:58:25 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/08 23:58:25 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/08 23:58:25 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/08 23:58:25 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/08 23:58:25 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/08 23:58:24 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/08 23:58:24 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/08 23:58:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/08 23:58:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/08 23:58:24 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/08 23:58:24 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/08 23:58:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/08 23:58:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/05/08 23:58:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/08 23:58:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/08 23:58:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/08 23:58:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/08 23:58:23 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/08 23:58:23 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/08 23:58:21 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/08 23:58:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/08 23:58:17 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/05/08 23:58:17 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/08 23:58:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/08 23:58:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/05/08 23:58:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/08 23:58:15 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/08 23:58:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/08 23:58:14 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/08 23:58:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/08 23:58:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/08 23:58:11 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/08 23:58:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/08 23:58:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/08 23:58:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/08 23:58:09 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/08 23:58:09 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/05/08 23:58:09 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/08 23:58:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/08 23:58:08 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/05/08 23:58:08 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/05/08 23:58:08 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/08 23:58:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/08 23:58:03 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/08 23:58:02 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/08 23:58:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/08 23:57:58 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/08 23:57:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/08 23:57:45 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/08 23:57:45 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/08 23:57:45 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/08 23:57:45 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/08 23:57:44 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/08 23:57:43 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/08 23:57:43 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/08 23:57:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/08 23:57:43 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/08 23:57:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/08 23:57:42 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/08 23:57:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/08 23:57:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/08 23:57:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/08 23:57:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/08 23:57:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/08 23:57:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/08 23:57:37 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/08 23:57:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/08 23:57:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/08 23:57:36 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/08 23:57:35 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/08 23:57:35 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/08 23:57:34 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/05/08 23:57:34 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/08 23:57:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/08 23:57:32 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/08 23:57:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/08 23:57:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/08 23:57:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/08 23:57:32 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/08 23:57:31 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/08 23:57:31 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/08 23:57:24 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/08 23:57:24 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/08 23:57:24 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/08 23:57:23 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/08 23:57:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/08 23:57:21 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/08 23:57:19 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/08 23:57:19 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/08 23:57:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/08 23:57:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/08 23:57:18 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/08 23:57:18 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/08 23:57:18 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/08 23:57:17 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/08 23:57:16 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/08 23:57:16 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/08 23:57:16 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/08 23:57:16 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/08 23:57:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/05/08 23:57:15 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/08 23:57:15 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/08 23:57:15 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/08 23:57:06 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/08 23:57:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/08 23:57:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/08 23:57:03 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/08 23:57:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/08 23:57:03 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/08 23:57:01 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/05/08 23:57:01 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/05/08 23:57:01 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/05/08 23:57:01 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/05/08 23:57:00 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/05/08 23:57:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/05/08 23:56:58 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/08 23:56:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/08 23:56:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/08 23:56:58 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/08 23:56:57 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/08 23:56:57 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/05/08 23:56:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/05/08 23:56:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/05/08 23:56:53 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/05/08 23:56:53 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/05/08 23:56:53 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/05/08 23:56:53 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/05/08 23:56:53 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/05/08 23:56:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/05/08 23:56:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/05/08 23:56:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/08 23:56:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/08 23:56:47 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/08 23:56:47 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/08 23:56:46 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/08 23:56:46 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/08 23:56:46 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/08 23:56:46 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/08 23:56:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/05/08 23:56:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/05/08 23:56:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/08 23:56:43 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/08 23:56:43 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/08 23:56:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/08 23:56:38 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/08 23:56:37 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/08 23:56:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/08 23:56:37 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/05/08 23:56:36 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/05/08 23:56:36 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/08 23:56:36 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/08 23:56:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/05/08 23:56:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/05/08 23:56:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/08 23:56:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/05/08 23:56:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/08 23:56:28 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/05/08 23:56:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/08 23:56:28 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/05/08 23:56:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/05/08 23:56:28 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/05/08 23:56:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/05/08 23:56:28 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/08 23:56:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/08 23:56:27 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/08 23:56:27 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/08 23:56:27 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/08 23:56:27 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/08 23:56:26 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/08 23:56:26 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/08 23:56:26 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/08 23:56:26 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/08 23:56:26 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/08 23:56:26 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/08 23:56:26 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/08 23:56:26 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/08 23:56:25 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/08 23:56:25 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/08 23:56:25 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/08 23:56:25 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/08 23:56:25 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/08 23:56:24 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/05/08 23:56:24 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/08 23:56:24 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/05/08 23:56:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/05/08 23:56:23 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/08 23:56:23 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/08 23:56:23 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/08 23:56:22 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/05/08 23:56:22 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/05/08 23:56:22 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/08 23:56:21 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/08 23:54:23 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/08 23:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/05/08 23:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/05/08 23:51:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/05/08 23:48:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV8201712.TMP
[2009/05/08 23:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/05/08 23:37:54 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/08 23:37:54 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/08 23:37:54 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/08 23:37:54 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/08 23:37:38 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/05/08 23:37:38 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/08 23:37:38 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/08 23:37:38 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/08 23:37:38 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/08 23:37:38 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/08 23:37:38 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/08 23:37:38 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/08 23:37:38 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/08 23:37:38 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/08 23:37:38 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/05/08 23:37:38 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/08 23:37:38 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/08 23:37:38 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/08 23:37:38 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/08 23:37:38 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/08 23:37:38 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/08 23:37:37 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/08 23:37:37 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/05/08 23:37:37 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/08 19:25:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/05/08 19:25:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/05/08 12:49:10 | 01,316,720 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\hobbits.JPG
[2009/05/07 07:01:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Downloads
[2009/05/07 06:07:10 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Resumewegmans.doc
[2009/05/07 05:29:27 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/07 05:29:16 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RSIT.exe
[2009/05/07 04:39:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 04:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/07 04:36:08 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\HijackThis.lnk
[2009/05/07 04:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 03:19:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/05/06 21:59:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/06 18:53:13 | 00,000,000 | ---D | C] -- C:\Ave
[2009/05/06 18:19:42 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2009/05/04 21:59:21 | 36,760,5760 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x08 Hero.avi
[2009/05/01 16:49:56 | 00,001,564 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Diablo II - Lord of Destruction.lnk
[2009/05/01 16:39:57 | 00,035,468 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/05/01 16:39:55 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/05/01 16:39:55 | 00,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2009/04/30 12:00:10 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\GPS Studies of the Caribbean.doc
[2009/04/30 00:13:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\~$omorph outline scarps.doc
[2009/04/29 22:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/29 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/29 18:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2009/04/29 18:59:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/29 18:59:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 18:59:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/29 18:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 18:59:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/29 18:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/29 18:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/04/29 17:32:41 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\For my paper I was interested in researching the early Christian missions to the Indians.doc
[2009/04/29 16:04:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/29 14:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\My eBooks
[2009/04/28 04:52:22 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391paperfinal.doc
[2009/04/27 17:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\vlc
[2009/04/25 07:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\FrostWire
[2009/04/25 07:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\filelib
[2009/04/21 17:00:44 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\ISSjobresume.doc
[2008/12/29 18:21:38 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 14:06:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/12/25 16:21:41 | 00,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/09/18 14:08:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/29 00:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 00:43:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 00:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 00:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 00:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/07 15:37:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/19 01:41:45 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/19 01:41:45 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/19 01:41:45 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/19 01:39:06 | 00,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/03/23 17:52:39 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/06/14 18:55:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/06/14 18:55:20 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2005/06/14 18:55:20 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll
[2005/06/14 18:55:20 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll
[2005/06/14 18:55:20 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/15 21:08:22 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2004/12/15 21:08:22 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/25 15:17:18 | 00,000,440 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/10/17 16:35:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/13 23:08:08 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/08/31 23:47:31 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/30 18:04:22 | 00,004,910 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/22 12:37:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/22 12:26:36 | 00,000,585 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/22 12:25:19 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/22 12:25:12 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/22 12:25:12 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/22 12:25:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2004/08/22 12:25:12 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/08/22 12:25:12 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/22 12:25:05 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/22 11:52:04 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 20:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 14:21:34 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 13:58:32 | 00,000,792 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 13:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/03/19 18:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[14 C:\Documents and Settings\Jim\My Documents\*.tmp files]
[2009/05/21 13:34:44 | 00,023,552 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/21 13:34:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe
[2009/05/21 09:59:33 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2577716201-3331332355-4213860654-1006.job
[2009/05/21 07:13:15 | 00,028,672 | ---- | M] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/21 04:39:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/20 23:13:20 | 00,023,552 | -HS- | M] ( ) -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/20 23:13:20 | 00,000,645 | -HS- | M] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/20 22:58:26 | 00,193,109 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/20 22:58:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\DESKTOP.INI
[2009/05/20 22:58:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 22:58:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/20 22:58:11 | 32,202,30144 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/20 22:56:38 | 00,689,873 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\r8gameminorversiongamemajorversiongameversion137.83535_041609_180238matchna.rec
[2009/05/19 20:20:22 | 00,675,187 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\2p_semois20090516015851.rec
[2009/05/19 18:00:04 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4.doc
[2009/05/19 17:15:10 | 00,000,792 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/19 17:15:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/19 17:15:10 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/05/18 15:17:40 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\201syl_ver.doc
[2009/05/18 15:01:27 | 00,002,300 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/16 09:35:07 | 00,002,228 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Google Chrome.lnk
[2009/05/16 09:06:39 | 36,760,9856 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x10 The Passage(2).avi
[2009/05/15 14:35:20 | 18,701,5936 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09Postrevl.wmv.asx
[2009/05/15 14:08:02 | 10,594,6779 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09.wmv.asx
[2009/05/15 07:28:57 | 00,000,190 | ---- | M] () -- C:\43214354.bat
[2009/05/14 10:37:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/14 10:11:13 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\JImISSjobresume.doc
[2009/05/14 10:10:58 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume.doc
[2009/05/13 18:32:21 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391finalfinal.doc
[2009/05/13 18:30:46 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391outline.doc
[2009/05/13 16:54:09 | 07,029,480 | ---- | M] () -- C:\WINDOWS\System32\8241_1.exe
[2009/05/13 01:12:11 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\391outline.doc
[2009/05/13 00:15:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\~$st391paperfinal2.doc
[2009/05/12 21:23:13 | 00,000,852 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\FrostWire 4.18.0.lnk
[2009/05/12 21:22:12 | 07,366,832 | ---- | M] (FrostWire, LLC) -- C:\Documents and Settings\Jim\Desktop\frostwire-4.18.0.windows.exe
[2009/05/12 04:15:48 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391paperfinal.doc
[2009/05/11 09:55:17 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391paperrevised.doc
[2009/05/10 20:03:30 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\span201-04 Spring2009.doc
[2009/05/10 09:07:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\My Documents\~$1outline.doc
[2009/05/09 16:04:06 | 01,557,461 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\_2.502_MorellooMix.rar
[2009/05/09 00:39:10 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/05/09 00:39:10 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/05/09 00:33:58 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/05/09 00:33:58 | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/05/09 00:04:34 | 00,520,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/09 00:04:34 | 00,439,136 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/09 00:04:34 | 00,071,636 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/09 00:01:56 | 00,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/09 00:01:10 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/08 23:55:46 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
[2009/05/08 23:55:42 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/08 23:55:41 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/08 23:55:41 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/08 23:55:26 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/08 23:54:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/05/08 23:54:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/05/08 23:52:51 | 00,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/08 23:52:05 | 00,000,535 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2009/05/08 23:37:40 | 00,000,131 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\DESKTOP.INI
[2009/05/08 23:37:40 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2009/05/08 12:49:11 | 01,316,720 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\hobbits.JPG
[2009/05/07 06:55:13 | 00,000,585 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/07 06:07:11 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Resumewegmans.doc
[2009/05/07 05:29:17 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\RSIT.exe
[2009/05/07 04:40:08 | 00,632,818 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/07 04:36:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\HijackThis.lnk
[2009/05/07 03:21:05 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 18:48:50 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/05/06 18:31:11 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Spybot - Search & Destroy.lnk
[2009/05/06 18:20:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2009/05/04 22:49:47 | 36,760,5760 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x08 Hero.avi
[2009/05/03 21:58:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090506-184850.backup
[2009/05/01 17:17:47 | 00,035,468 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2009/05/01 17:16:56 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/01 17:16:56 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/01 17:16:56 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/05/01 16:49:56 | 00,001,564 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Diablo II - Lord of Destruction.lnk
[2009/05/01 16:39:55 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/05/01 16:39:55 | 00,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2009/04/30 12:00:10 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\GPS Studies of the Caribbean.doc
[2009/04/30 00:13:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\~$omorph outline scarps.doc
[2009/04/29 19:49:58 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\forusiju
[2009/04/29 18:59:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 17:32:42 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\For my paper I was interested in researching the early Christian missions to the Indians.doc
[2009/04/29 14:18:20 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\sufuziwu.exe
[2009/04/25 07:24:58 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/21 17:47:35 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\ISSjobresume.doc
< End of report >


And here is the GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-21 13:41:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8A49C8C8 ZwEnumerateKey
Code 8A49CAA0 ZwFlushInstructionCache
Code 8A458A76 IofCallDriver
Code 8A458BAE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E3D45 5 Bytes JMP 8A458A7B
.text ntoskrnl.exe!IofCompleteRequest 804E418A 5 Bytes JMP 8A458BB3
PAGE ntoskrnl.exe!ZwEnumerateKey 8056F76A 5 Bytes JMP 8A49C8CC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 805769AB 5 Bytes JMP 8A49CAA4
? jpwugmx.sys The system cannot find the file specified. !
? iuuxtoic.sys The system cannot find the file specified. !
? aliewc.sys The system cannot find the file specified. !
? oauva.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [25, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [25]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [25, 03, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [65, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A5, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes [E5, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A5, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [65, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [65, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes [E5, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A5, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes [E5, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [25, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [25, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [65]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [65, 03, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3368] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [25, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [25]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [25, 03, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [65, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A5, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes [E5, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A5, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [65, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [65, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes [E5, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A5, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes [E5, 00, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [25, 01, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [25, 02, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [65]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [65, 03, 16, 00]
.text C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8ACA50B8
Device \FileSystem\Fastfat \FatCdrom 8A989E38
Device \Driver\Cdrom \Device\CdRom0 8A97A858
Device \FileSystem\Rdbss \Device\FsWrap 8A787210
Device \Driver\Cdrom \Device\CdRom1 8A97A858
Device \Driver\atapi \Device\Ide\IdePort0 8A951B80
Device \Driver\atapi \Device\Ide\IdePort1 8A951B80
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A951B80
Device \FileSystem\Srv \Device\LanmanServer 8A74F8E0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A73ED08
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A73ED08
Device \FileSystem\Npfs \Device\NamedPipe 8A724A78
Device \FileSystem\Msfs \Device\Mailslot 8A70D0F0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 8A97B008
Device \Driver\d347prt \Device\Scsi\d347prt1 8A97B008
Device \FileSystem\Fastfat \Fat 8A989E38
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A730208
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A730208
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A730208
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A730208
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A730208
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8A768620
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module _________ F7456000-F746E000 (98304 bytes)

---- EOF - GMER 1.0.15 ----


I've been running Malwarebytes religiously, and I think I've gotten rid of Malware Doctor, and I can use my task manager normally. But I still get odd processes popping up on system restart using a lot of system resources, and MWB keeps finding infected keys and files it can't seem to get rid of. Again, thank you so much for helping me out!

#4 Buckeye_Sam

Malware Expert

Posted 21 May 2009 - 12:56 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
    O4 - HKU\.DEFAULT..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 ( )
    O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe ()
    O4 - HKU\.DEFAULT..\Run: [SYS32DLL] SYS32DLL File not found
    O4 - HKU\S-1-5-18..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 ( )
    O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\466020000.exe ()
    O4 - HKU\S-1-5-18..\Run: [SYS32DLL] SYS32DLL File not found
    O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h File not found
    O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [autochk] rundll32.exe C:\DOCUME~1\Jim\protect.dll,_IWMPEvents@16 ( )
    O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" File not found
    O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent File not found
    O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll ( )
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    
    
    :Files
    C:\windows\system32\drivers\TDSS*.*
    C:\windows\system32\TDSS*.*
    C:\windows\system32\drivers\UACd*.*
    C:\windows\system32\UACd*.*
    C:\windows\system32\drivers\gaopdx*.*
    C:\windows\system32\gaopdx*.*
    C:\windows\system32\drivers\ovfsthx*.*
    C:\windows\system32\ovfsthx*.*
    C:\WINDOWS\Tasks\At*.job
    C:\WINDOWS\System32\*.tmp 
    C:\WINDOWS\*.tmp 
    C:\Documents and Settings\Jim\My Documents\*.tmp
    C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
    C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
    C:\WINDOWS\System32\autochk.dll
    C:\WINDOWS\System32\lmn_setup.exe
    C:\WINDOWS\System32\sufuziwu.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Jdel

  • Topic Starter

Posted 21 May 2009 - 02:01 PM

Ok, ran the code, here's the output:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\autochk.DLL
C:\WINDOWS\system32\autochk.DLL NOT unregistered.
C:\WINDOWS\system32\autochk.DLL moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\protect.dll
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\protect.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\protect.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager deleted successfully.
C:\WINDOWS\TEMP\466020000.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SYS32DLL deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\autochk not found.
File rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager not found.
File C:\WINDOWS\TEMP\466020000.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SYS32DLL not found.
Registry value HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ares ultra deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Jim\protect.dll
C:\Documents and Settings\Jim\protect.dll NOT unregistered.
C:\Documents and Settings\Jim\protect.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Run\\CurseClient deleted successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll NOT unregistered.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
========== FILES ==========
File\Folder C:\windows\system32\drivers\TDSS*.* not found.
File\Folder C:\windows\system32\TDSS*.* not found.
File\Folder C:\windows\system32\drivers\UACd*.* not found.
File\Folder C:\windows\system32\UACd*.* not found.
File\Folder C:\windows\system32\drivers\gaopdx*.* not found.
File\Folder C:\windows\system32\gaopdx*.* not found.
File\Folder C:\windows\system32\drivers\ovfsthx*.* not found.
File\Folder C:\windows\system32\ovfsthx*.* not found.
File\Folder C:\WINDOWS\Tasks\At*.job not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\setb5.tmp moved successfully.
C:\WINDOWS\System32\setb7.tmp moved successfully.
C:\WINDOWS\002374_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\NV21561636.TMP moved successfully.
C:\WINDOWS\NV30323036.TMP moved successfully.
C:\WINDOWS\NV7201132.TMP moved successfully.
C:\WINDOWS\NV8201712.TMP moved successfully.
C:\WINDOWS\SETE4.tmp moved successfully.
C:\WINDOWS\SETE7.tmp moved successfully.
C:\WINDOWS\SETF3.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL0168.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL0185.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL0602.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL0645.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL0765.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL1090.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL1446.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL1893.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL2596.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL2703.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL3852.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL4023.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL4036.tmp moved successfully.
C:\Documents and Settings\Jim\My Documents\~WRL4101.tmp moved successfully.
File\Folder C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll not found.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\autochk.dll
C:\WINDOWS\System32\autochk.dll NOT unregistered.
C:\WINDOWS\System32\autochk.dll moved successfully.
C:\WINDOWS\System32\lmn_setup.exe moved successfully.
C:\WINDOWS\System32\sufuziwu.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Jim\Local Settings\Temp\etilqs_j9metSoak7DAqGW scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\msb.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\nsrbgxod.bak scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05212009_144233

Files moved on Reboot...
File C:\Documents and Settings\Jim\Local Settings\Temp\etilqs_j9metSoak7DAqGW not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\msb.dll
C:\WINDOWS\temp\msb.dll NOT unregistered.
C:\WINDOWS\temp\msb.dll moved successfully.
C:\WINDOWS\temp\nsrbgxod.bak moved successfully.

Registry entries deleted on Reboot...




Not sure if you meant that log, or a new Scan log, so I ran a scan as well:


OTListIt logfile created on: 5/21/2009 2:48:14 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 18.69 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELBELSO
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2004/08/04 08:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/08/06 17:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/25 15:22:42 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/09/25 02:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2004/04/11 12:43:44 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/11 21:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/03/15 02:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/08/19 02:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/04 17:56:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2000/06/28 22:15:10 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/07 14:33:21 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/21 13:34:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2003/08/06 17:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/03/30 17:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [On_Demand | Stopped])
SRV - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/12/25 15:22:42 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 08:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/03/21 21:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/04 08:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2005/01/10 18:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004/08/22 17:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004/08/22 17:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/06/16 15:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys -- (DcCam [System | Running])
DRV - [2005/03/31 08:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
DRV - [2005/03/31 08:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K [Auto | Running])
DRV - [2005/03/31 08:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys -- (DcLps [On_Demand | Stopped])
DRV - [2005/03/31 08:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys -- (DcPTP [On_Demand | Stopped])
DRV - [2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2003/03/04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/03/31 09:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\DRIVERS\exportit.sys -- (Exportit [System | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/02/10 13:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2005/05/20 16:00:36 | 00,013,056 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2005/05/20 16:01:32 | 00,025,600 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/05/20 16:01:00 | 00,036,480 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Running])
DRV - [2005/05/20 16:01:26 | 00,068,352 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/22 12:34:51 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/10/07 14:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2005/01/10 18:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007/06/15 10:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/06 12:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 08:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/03 13:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 11:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 06:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/04 02:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2004/08/04 08:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2004/08/04 08:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2004/08/04 08:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.geneseo.edu/
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "webmail.geneseo.edu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {338101C0-2EEA-4865-8967-8A493C4611C6}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/15 21:29:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 21:29:05 | 00,000,000 | ---D | M]

[2009/04/06 01:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Extensions
[2009/04/06 01:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/15 21:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Firefox\Profiles\39r7dodh.default\extensions
[2008/05/18 19:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mozilla\Firefox\Profiles\39r7dodh.default\extensions\moveplayer@movenetworks.com
[2009/05/15 21:23:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 14:13:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{338101C0-2EEA-4865-8967-8A493C4611C6}
[2009/04/06 01:39:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/23 12:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/02 19:03:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 19:03:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 19:04:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/02 19:04:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/02 19:04:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 19:04:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/02 19:04:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 22:41:48 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/05/02 19:04:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 19:04:10 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305250 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10535 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper File not found
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [autochk] rundll32.exe C:\DOCUME~1\Jim\protect.dll,_IWMPEvents@16 ( )
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Civilization Registration.lnk = D:\ATR1.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2577716201-3331332355-4213860654-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 13:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 14:45:15 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/21 14:42:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/21 14:14:15 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JamesDelbelsoResume.doc
[2009/05/21 14:13:03 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JimResume.doc
[2009/05/21 14:11:34 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4 (3).doc
[2009/05/21 13:38:32 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\7c2oc18g.exe
[2009/05/21 13:34:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe
[2009/05/20 23:13:20 | 00,023,552 | -HS- | C] ( ) -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/20 23:13:20 | 00,000,645 | -HS- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/20 23:13:15 | 00,023,552 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/20 22:56:32 | 00,689,873 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\r8gameminorversiongamemajorversiongameversion137.83535_041609_180238matchna.rec
[2009/05/19 20:52:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/19 20:20:20 | 00,675,187 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\2p_semois20090516015851.rec
[2009/05/19 18:00:04 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4.doc
[2009/05/19 17:46:31 | 32,202,30144 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/19 17:15:11 | 00,001,954 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
[2009/05/19 17:15:11 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/05/19 17:15:11 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
[2009/05/19 17:15:11 | 00,000,514 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Civilization Registration.lnk
[2009/05/19 16:51:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/19 15:54:30 | 00,023,040 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwizi.exe
[2009/05/19 15:54:17 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/05/19 15:54:17 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup.exe
[2009/05/18 15:17:39 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\201syl_ver.doc
[2009/05/16 08:46:11 | 36,760,9856 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x10 The Passage(2).avi
[2009/05/15 14:28:21 | 18,701,5936 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09Postrevl.wmv.asx
[2009/05/15 14:05:22 | 10,594,6779 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09.wmv.asx
[2009/05/15 07:28:57 | 00,000,190 | ---- | C] () -- C:\43214354.bat
[2009/05/14 10:33:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/14 10:11:13 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\JImISSjobresume.doc
[2009/05/14 10:10:57 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume.doc
[2009/05/13 18:30:45 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391outline.doc
[2009/05/13 18:30:36 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391finalfinal.doc
[2009/05/13 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/05/13 16:53:53 | 07,029,480 | ---- | C] () -- C:\WINDOWS\System32\8241_1.exe
[2009/05/13 00:15:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\~$st391paperfinal2.doc
[2009/05/12 21:23:13 | 00,000,852 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\FrostWire 4.18.0.lnk
[2009/05/12 21:21:50 | 07,366,832 | ---- | C] (FrostWire, LLC) -- C:\Documents and Settings\Jim\Desktop\frostwire-4.18.0.windows.exe
[2009/05/11 09:49:15 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391paperrevised.doc
[2009/05/10 20:03:30 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\span201-04 Spring2009.doc
[2009/05/10 09:07:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\My Documents\~$1outline.doc
[2009/05/09 19:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/05/09 16:04:03 | 01,557,461 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\_2.502_MorellooMix.rar
[2009/05/09 00:33:58 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/05/09 00:33:58 | 00,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/05/09 00:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/08 23:58:42 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/08 23:58:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/08 23:58:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/08 23:58:41 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/08 23:58:41 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/08 23:58:40 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/08 23:58:40 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/08 23:58:40 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/08 23:58:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/08 23:58:40 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/08 23:58:36 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/08 23:58:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/08 23:58:34 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/08 23:58:34 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/05/08 23:58:33 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/05/08 23:58:33 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/05/08 23:58:33 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/08 23:58:33 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/05/08 23:58:32 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/08 23:58:32 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/08 23:58:32 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/08 23:58:30 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/08 23:58:30 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/08 23:58:29 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/08 23:58:29 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/08 23:58:28 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/08 23:58:26 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/08 23:58:26 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/08 23:58:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/08 23:58:26 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/08 23:58:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/08 23:58:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/08 23:58:25 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/08 23:58:25 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/08 23:58:25 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/08 23:58:25 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/08 23:58:25 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/08 23:58:24 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/08 23:58:24 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/08 23:58:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/08 23:58:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/08 23:58:24 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/08 23:58:24 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/08 23:58:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/08 23:58:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/05/08 23:58:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/08 23:58:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/08 23:58:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/08 23:58:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/08 23:58:23 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/08 23:58:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/08 23:58:23 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/08 23:58:21 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/08 23:58:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/08 23:58:17 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/05/08 23:58:17 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/08 23:58:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/08 23:58:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/05/08 23:58:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/08 23:58:15 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/08 23:58:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/08 23:58:14 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/08 23:58:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/08 23:58:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/08 23:58:11 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/08 23:58:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/08 23:58:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/08 23:58:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/08 23:58:09 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/08 23:58:09 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/05/08 23:58:09 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/08 23:58:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/08 23:58:08 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/05/08 23:58:08 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/05/08 23:58:08 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/08 23:58:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/08 23:58:03 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/08 23:58:02 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/08 23:58:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/08 23:57:58 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/08 23:57:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/08 23:57:45 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/08 23:57:45 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/08 23:57:45 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/08 23:57:45 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/08 23:57:44 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/08 23:57:43 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/08 23:57:43 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/08 23:57:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/08 23:57:43 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/08 23:57:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/08 23:57:42 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/08 23:57:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/08 23:57:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/08 23:57:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/08 23:57:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/08 23:57:40 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/08 23:57:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/08 23:57:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/08 23:57:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/08 23:57:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/08 23:57:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/08 23:57:37 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/08 23:57:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/08 23:57:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/08 23:57:36 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/08 23:57:35 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/08 23:57:35 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/08 23:57:34 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/05/08 23:57:34 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/08 23:57:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/08 23:57:32 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/08 23:57:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/08 23:57:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/08 23:57:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/08 23:57:32 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/08 23:57:31 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/08 23:57:31 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/08 23:57:24 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/08 23:57:24 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/08 23:57:24 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/08 23:57:23 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/08 23:57:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/08 23:57:21 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/08 23:57:19 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/08 23:57:19 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/08 23:57:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/08 23:57:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/08 23:57:18 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/08 23:57:18 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/08 23:57:18 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/08 23:57:17 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/08 23:57:16 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/08 23:57:16 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/08 23:57:16 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/08 23:57:16 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/08 23:57:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/05/08 23:57:15 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/08 23:57:15 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/08 23:57:15 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/08 23:57:06 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/08 23:57:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/08 23:57:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/08 23:57:03 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/08 23:57:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/08 23:57:03 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/08 23:57:01 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/05/08 23:57:01 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/05/08 23:57:01 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/05/08 23:57:01 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/05/08 23:57:00 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/05/08 23:57:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/05/08 23:56:58 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/08 23:56:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/08 23:56:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/08 23:56:58 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/08 23:56:57 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/08 23:56:57 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/05/08 23:56:56 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/05/08 23:56:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/05/08 23:56:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/05/08 23:56:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/05/08 23:56:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/05/08 23:56:53 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/05/08 23:56:53 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/05/08 23:56:53 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/05/08 23:56:53 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/05/08 23:56:53 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/05/08 23:56:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/05/08 23:56:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/05/08 23:56:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/05/08 23:56:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/05/08 23:56:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/08 23:56:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/08 23:56:47 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/08 23:56:47 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/08 23:56:46 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/08 23:56:46 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/08 23:56:46 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/08 23:56:46 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/08 23:56:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/05/08 23:56:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/05/08 23:56:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/08 23:56:43 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/08 23:56:43 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/08 23:56:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/08 23:56:38 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/08 23:56:37 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/08 23:56:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/08 23:56:37 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/05/08 23:56:36 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/05/08 23:56:36 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/08 23:56:36 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/08 23:56:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/05/08 23:56:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/05/08 23:56:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/08 23:56:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/05/08 23:56:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/08 23:56:28 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/05/08 23:56:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/08 23:56:28 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/05/08 23:56:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/05/08 23:56:28 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/05/08 23:56:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/05/08 23:56:28 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/08 23:56:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/08 23:56:27 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/08 23:56:27 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/08 23:56:27 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/08 23:56:27 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/08 23:56:26 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/08 23:56:26 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/08 23:56:26 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/08 23:56:26 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/08 23:56:26 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/08 23:56:26 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/08 23:56:26 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/08 23:56:26 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/08 23:56:25 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/08 23:56:25 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/08 23:56:25 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/08 23:56:25 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/08 23:56:25 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/08 23:56:24 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/05/08 23:56:24 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/08 23:56:24 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/05/08 23:56:24 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/05/08 23:56:23 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/08 23:56:23 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/08 23:56:23 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/08 23:56:22 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/05/08 23:56:22 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/05/08 23:56:22 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/08 23:56:21 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/08 23:54:23 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/08 23:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/05/08 23:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/05/08 23:51:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/05/08 23:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/05/08 23:37:54 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/08 23:37:54 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/08 23:37:54 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/08 23:37:54 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/08 23:37:38 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/05/08 23:37:38 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/08 23:37:38 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/08 23:37:38 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/08 23:37:38 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/08 23:37:38 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/08 23:37:38 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/08 23:37:38 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/08 23:37:38 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/08 23:37:38 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/08 23:37:38 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/05/08 23:37:38 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/08 23:37:38 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/08 23:37:38 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/08 23:37:38 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/08 23:37:38 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/08 23:37:38 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/08 23:37:37 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/08 23:37:37 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/05/08 23:37:37 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/08 19:25:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/05/08 19:25:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/05/08 12:49:10 | 01,316,720 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\hobbits.JPG
[2009/05/07 07:01:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Downloads
[2009/05/07 06:07:10 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Resumewegmans.doc
[2009/05/07 05:29:27 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/07 05:29:16 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RSIT.exe
[2009/05/07 04:39:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 04:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/07 04:36:08 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\HijackThis.lnk
[2009/05/07 04:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/07 03:19:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/05/06 21:59:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/06 18:53:13 | 00,000,000 | ---D | C] -- C:\Ave
[2009/05/06 18:19:42 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2009/05/04 21:59:21 | 36,760,5760 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x08 Hero.avi
[2009/05/01 16:49:56 | 00,001,564 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Diablo II - Lord of Destruction.lnk
[2009/05/01 16:39:57 | 00,035,468 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/05/01 16:39:55 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/05/01 16:39:55 | 00,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2009/04/30 12:00:10 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\GPS Studies of the Caribbean.doc
[2009/04/30 00:13:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jim\Desktop\~$omorph outline scarps.doc
[2009/04/29 22:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/29 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/29 18:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2009/04/29 18:59:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/29 18:59:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 18:59:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/29 18:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 18:59:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/29 18:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/29 18:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/04/29 17:32:41 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\For my paper I was interested in researching the early Christian missions to the Indians.doc
[2009/04/29 16:04:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/29 14:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\My eBooks
[2009/04/28 04:52:22 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\hist391paperfinal.doc
[2009/04/27 17:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\vlc
[2009/04/25 07:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\FrostWire
[2009/04/25 07:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\filelib
[2009/04/21 17:00:44 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\ISSjobresume.doc
[2008/12/29 18:21:38 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 14:06:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/12/25 16:21:41 | 00,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/09/18 14:08:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/29 00:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 00:43:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 00:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 00:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 00:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/07 15:37:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/19 01:41:45 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/05/19 01:41:45 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/05/19 01:41:45 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/19 01:39:06 | 00,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/03/23 17:52:39 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/06/14 18:55:23 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/06/14 18:55:20 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2005/06/14 18:55:20 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll
[2005/06/14 18:55:20 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll
[2005/06/14 18:55:20 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/15 21:08:22 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2004/12/15 21:08:22 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/25 15:17:18 | 00,000,440 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/10/17 16:35:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/13 23:08:08 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2004/08/31 23:47:31 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/30 18:04:22 | 00,004,910 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/22 12:37:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/22 12:26:36 | 00,000,585 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/22 12:25:19 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/22 12:25:12 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/22 12:25:12 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/22 12:25:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2004/08/22 12:25:12 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/08/22 12:25:12 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/22 12:25:05 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/22 11:52:04 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 20:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 14:21:34 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 13:58:32 | 00,000,792 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 13:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/03/19 18:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[2009/05/21 14:45:23 | 00,193,109 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/21 14:45:14 | 00,023,552 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/21 14:44:40 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jim\Local Settings\DESKTOP.INI
[2009/05/21 14:44:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 14:44:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/21 14:44:30 | 32,202,30144 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/21 14:42:41 | 00,023,552 | -HS- | M] ( ) -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/21 14:42:41 | 00,000,645 | -HS- | M] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/21 14:14:15 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JamesDelbelsoResume.doc
[2009/05/21 14:13:38 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JimResume.doc
[2009/05/21 14:11:34 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4 (3).doc
[2009/05/21 13:38:36 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\7c2oc18g.exe
[2009/05/21 13:34:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTListIt2.exe
[2009/05/21 09:59:33 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2577716201-3331332355-4213860654-1006.job
[2009/05/21 04:39:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/20 22:56:38 | 00,689,873 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\r8gameminorversiongamemajorversiongameversion137.83535_041609_180238matchna.rec
[2009/05/19 20:20:22 | 00,675,187 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\2p_semois20090516015851.rec
[2009/05/19 18:00:04 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume4.doc
[2009/05/19 17:15:10 | 00,000,792 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/19 17:15:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/19 17:15:10 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/05/18 15:17:40 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\201syl_ver.doc
[2009/05/18 15:01:27 | 00,002,300 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/16 09:35:07 | 00,002,228 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Google Chrome.lnk
[2009/05/16 09:06:39 | 36,760,9856 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x10 The Passage(2).avi
[2009/05/15 14:35:20 | 18,701,5936 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09Postrevl.wmv.asx
[2009/05/15 14:08:02 | 10,594,6779 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Stimvision05-09-09.wmv.asx
[2009/05/15 07:28:57 | 00,000,190 | ---- | M] () -- C:\43214354.bat
[2009/05/14 10:37:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/14 10:11:13 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\JImISSjobresume.doc
[2009/05/14 10:10:58 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\JImISSjobresume.doc
[2009/05/13 18:32:21 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391finalfinal.doc
[2009/05/13 18:30:46 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391outline.doc
[2009/05/13 16:54:09 | 07,029,480 | ---- | M] () -- C:\WINDOWS\System32\8241_1.exe
[2009/05/13 01:12:11 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\391outline.doc
[2009/05/13 00:15:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\~$st391paperfinal2.doc
[2009/05/12 21:23:13 | 00,000,852 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\FrostWire 4.18.0.lnk
[2009/05/12 21:22:12 | 07,366,832 | ---- | M] (FrostWire, LLC) -- C:\Documents and Settings\Jim\Desktop\frostwire-4.18.0.windows.exe
[2009/05/12 04:15:48 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391paperfinal.doc
[2009/05/11 09:55:17 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\hist391paperrevised.doc
[2009/05/10 20:03:30 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\span201-04 Spring2009.doc
[2009/05/10 09:07:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\My Documents\~$1outline.doc
[2009/05/09 16:04:06 | 01,557,461 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\_2.502_MorellooMix.rar
[2009/05/09 00:39:10 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/05/09 00:39:10 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/05/09 00:33:58 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/05/09 00:33:58 | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/05/09 00:04:34 | 00,520,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/09 00:04:34 | 00,439,136 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/09 00:04:34 | 00,071,636 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/09 00:01:56 | 00,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/09 00:01:10 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/08 23:55:46 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
[2009/05/08 23:55:42 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/08 23:55:41 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/08 23:55:41 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/08 23:55:26 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/08 23:54:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/05/08 23:54:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/08 23:54:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/05/08 23:52:51 | 00,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/08 23:52:05 | 00,000,535 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2009/05/08 23:37:40 | 00,000,131 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\DESKTOP.INI
[2009/05/08 23:37:40 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2009/05/08 12:49:11 | 01,316,720 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\hobbits.JPG
[2009/05/07 06:55:13 | 00,000,585 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/07 06:07:11 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Resumewegmans.doc
[2009/05/07 05:29:17 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\RSIT.exe
[2009/05/07 04:40:08 | 00,632,818 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/07 04:36:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\HijackThis.lnk
[2009/05/07 03:21:05 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 18:48:50 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/05/06 18:31:11 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Spybot - Search & Destroy.lnk
[2009/05/06 18:20:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2009/05/04 22:49:47 | 36,760,5760 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ Battlestar Galactica 3x08 Hero.avi
[2009/05/03 21:58:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090506-184850.backup
[2009/05/01 17:17:47 | 00,035,468 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2009/05/01 17:16:56 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/01 17:16:56 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/01 17:16:56 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/05/01 16:49:56 | 00,001,564 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Diablo II - Lord of Destruction.lnk
[2009/05/01 16:39:55 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/05/01 16:39:55 | 00,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2009/04/30 12:00:10 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\GPS Studies of the Caribbean.doc
[2009/04/30 00:13:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jim\Desktop\~$omorph outline scarps.doc
[2009/04/29 19:49:58 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\forusiju
[2009/04/29 18:59:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 17:32:42 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\For my paper I was interested in researching the early Christian missions to the Indians.doc
[2009/04/25 07:24:58 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/21 17:47:35 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\ISSjobresume.doc
< End of report >


And here's the MWB log:


Malwarebytes' Anti-Malware 1.36
Database version: 2163
Windows 5.1.2600 Service Pack 2

5/21/2009 2:57:10 PM
mbam-log-2009-05-21 (14-57-10).txt

Scan type: Quick Scan
Objects scanned: 87002
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jim\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.


This seems to be working, it's the first time in a long time no Registry Keys came up infected. :thumbup2:

#6 Jdel

Posted 22 May 2009 - 07:32 AM

Hrmm, guess I didn't get rid of Malware Doctor after all, or at least am infected with something similar. Came back to my computer this morning to find my background changed and a window open telling me to buy Antivirus XP Pro. Running MWB now, hopefully that should at least get rid of it for now.

Here's the MWB log of that, in case you need it:

Malwarebytes' Anti-Malware 1.36
Database version: 2163
Windows 5.1.2600 Service Pack 2

5/22/2009 8:30:33 AM
mbam-log-2009-05-22 (08-30-33).txt

Scan type: Quick Scan
Objects scanned: 87042
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
c:\program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Jim\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lmn_setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\SystemProfile\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\service-466.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Upon reboot from that, I ran MWB again and it came up clean, but there was still a process running in my task manager called Avast!Antivirus using a lot of system resources, that I had to terminate.

Edited by Jdel, 22 May 2009 - 07:44 AM.
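The two Malwarebytes logs in posts #5 and #6 can be compared mechanically: anything the first scan reported as removed and the second scan found again is being re-created between scans, and anything marked "Delete on reboot" or "Failed" was never removed during the scan itself. The script below is an added example, not part of the original posts; its function names are illustrative, and the sample lines are excerpted from the two logs in this thread.

```python
import re
from typing import NamedTuple


class Detection(NamedTuple):
    section: str  # log section, e.g. "Files Infected"
    target: str   # file path or registry location
    family: str   # vendor label, e.g. "Spyware.Agent"
    action: str   # what the scanner reports it did


# "Files Infected:" opens a section; "Files Infected: 6" (the summary) does not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# "<target> (<Family.Name>) -> [detail -> ] <action>."
ITEM = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam(text):
    """Return the detections listed in a Malwarebytes 1.x text log."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line)
        if item and section:
            # Registry data lines carry "Data: ..." or "Bad: ... Good: ..."
            # before the action, so the action is the last "->" segment.
            action = item.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append(Detection(section, item.group("target"),
                                        item.group("family"), action))
    return detections


def unresolved(detections):
    """Items the scanner could not remove while the scan was running."""
    return [d for d in detections
            if d.action.startswith(("Delete on reboot", "Failed"))]


def recurring(earlier, later):
    """Targets reported removed in the earlier scan that the later scan finds again."""
    removed = {d.target.lower() for d in earlier if d.action.startswith("Quarantined")}
    seen, found_again = set(), []
    for d in later:
        key = d.target.lower()
        if key in removed and key not in seen:
            seen.add(key)
            found_again.append(d.target)
    return found_again


# Detection lines from the 21 May 2009 log in this thread.
SCAN_21_MAY = r"""
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Jim\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
"""

# Excerpt (not the full list) from the 22 May 2009 log in this thread.
SCAN_22_MAY = r"""
Memory Processes Infected:
c:\program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Jim\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\autochk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

if __name__ == "__main__":
    first, second = parse_mbam(SCAN_21_MAY), parse_mbam(SCAN_22_MAY)
    print("Removed on 21 May, detected again on 22 May:")
    for target in recurring(first, second):
        print("  ", target)
    print("Not removed during the 22 May scan:")
    for d in unresolved(second):
        print(f"   {d.target} [{d.family}] -> {d.action}")
```

A startup entry or file that reappears after a "Quarantined and deleted successfully" result means the scan removed symptoms while whatever writes them was still present.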


#7 Buckeye_Sam

    Malware Expert

Posted 22 May 2009 - 03:55 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8 Jdel

Posted 22 May 2009 - 07:18 PM

Upon reboot from running Combofix, Malware Doctor popped up and started running, hopefully the log wasn't affected by that. Also I notice it logs all new folders created in the last 30 days, I'm not sure when I started experiencing trouble, but it was around a month ago, so it might have started before 30 days ago. Not sure if that matters. Anyway, here's the log:
ComboFix 09-05-22.05 - Jim 05/22/2009 19:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2743 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jim\protect.dll
c:\documents and settings\Jim\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Jim\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\LocalService\protect.dll
C:\kmd.exe
c:\program files\INSTALL.LOG
c:\windows\system32\8241_1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthcfkkolxgdbxyhikrjbmmdnetxasrvdje.sys
c:\windows\system32\lmn_setup.exe
c:\windows\system32\ovfstheddaafcnpnlfomripjmsigqoxtsrsufe.dat
c:\windows\system32\ovfsthichxlwotyujcepdvxrfwmtkhetiocwpq.dat
c:\windows\system32\ovfsthjyddphrmawtbkgvolspobkolwcpqdjwy.dll
c:\windows\system32\ovfsthphfqqntstxwsiqtkaewekuqqeyvtfxuk.dll
c:\windows\system32\ovfsthxeppxgojinreoxaklsgilxowyviuofdj.dll
c:\windows\system32\sft.res
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpjtaluuvjailqrsnpunvyouwrmoewpsn
-------\Legacy_ASHEVTSVC


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 23:20 . 2009-05-22 23:20 40448 ----a-w c:\documents and settings\LocalService\Application Data\1055860099.exe
2009-05-22 11:16 . 2009-05-22 11:16 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-22 11:15 . 2009-05-22 11:15 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
2009-05-21 19:15 . 2009-05-21 19:15 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-21 19:15 . 2009-05-21 19:15 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 18:42 . 2009-05-21 18:42 -------- d-----w C:\_OTListIt
2009-05-20 00:52 . 2009-05-20 00:52 -------- d-----w c:\windows\system32\NtmsData
2009-05-19 19:54 . 2004-08-04 12:00 23040 --sh--r c:\windows\system32\accwizi.exe
2009-05-19 19:54 . 2004-08-04 12:00 23040 -c--a-w c:\windows\system32\dllcache\setup.exe
2009-05-19 19:54 . 2004-08-04 12:00 23040 ----a-w c:\windows\system32\setup.exe
2009-05-15 11:28 . 2009-05-15 11:28 190 ----a-w C:\43214354.bat
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-09 23:17 . 2009-05-09 23:19 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-09 04:33 . 2009-05-09 04:33 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-09 04:33 . 2009-05-09 04:33 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-09 03:57 . 2004-08-04 12:00 111104 -c--a-w c:\windows\system32\dllcache\mtstocom.exe
2009-05-09 03:56 . 2004-08-04 12:00 9728 -c--a-w c:\windows\system32\dllcache\change.exe
2009-05-09 03:46 . 2009-05-09 03:46 -------- d-----w c:\program files\CONEXANT
2009-05-09 03:37 . 2004-08-04 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-09 03:36 . 2009-05-09 03:36 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\java
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\dell
2009-05-07 09:29 . 2009-05-07 09:29 -------- d-----w C:\rsit
2009-05-07 08:37 . 2009-05-07 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 08:36 . 2009-05-07 08:36 -------- d-----w c:\program files\Trend Micro
2009-05-07 07:19 . 2009-05-07 07:19 -------- d-----w c:\program files\MSXML 6.0
2009-05-07 01:59 . 2009-05-07 02:12 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-06 22:53 . 2009-05-17 17:01 -------- d-----w C:\Ave
2009-05-01 20:39 . 2009-05-01 21:17 35468 ----a-w c:\windows\DIIUnin.dat
2009-05-01 20:39 . 2009-05-01 20:39 94208 ----a-w c:\windows\DIIUnin.exe
2009-05-01 20:39 . 2009-05-01 20:39 2829 ----a-w c:\windows\DIIUnin.pif
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\Jim\Local Settings\Application Data\Downloaded Installations
2009-04-30 02:40 . 2009-04-30 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\Jim\Application Data\Malwarebytes
2009-04-29 22:59 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 22:59 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 22:58 . 2009-04-30 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-29 22:44 . 2009-04-29 22:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 20:04 . 2009-04-29 20:04 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-27 21:13 . 2009-04-27 21:13 -------- d-----w c:\documents and settings\Jim\Application Data\vlc
2009-04-25 11:26 . 2004-08-04 07:56 30749 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll
2009-04-25 11:26 . 2004-08-04 07:56 614429 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll
2009-04-25 11:26 . 2004-08-04 07:56 53279 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll
2009-04-25 11:26 . 2004-08-04 07:56 241693 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll
2009-04-25 11:26 . 2004-08-04 07:56 151583 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll
2009-04-25 11:26 . 2004-08-04 07:56 1507356 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll
2009-04-25 11:26 . 2004-08-04 07:56 102400 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll
2009-04-25 11:26 . 2004-08-04 07:56 57344 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll
2009-04-25 11:26 . 2004-08-04 07:56 536576 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll
2009-04-25 11:26 . 2004-08-04 07:56 380957 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll
2009-04-25 11:26 . 2004-08-04 07:56 200704 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
2009-04-25 11:26 . 2004-03-01 18:52 358976 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 23:08 . 2009-05-22 23:08 29184 ----a-w c:\windows\system32\lklf32.dll
2009-05-22 20:04 . 2008-03-23 16:54 -------- d-----w c:\documents and settings\Jim\Application Data\FrostWire
2009-05-16 20:53 . 2007-06-08 21:30 -------- d-----w c:\program files\Diablo II
2009-05-16 13:30 . 2004-08-22 16:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-16 01:29 . 2004-08-22 16:27 -------- d-----w c:\program files\Common Files\Real
2009-05-16 01:27 . 2004-08-22 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-16 01:27 . 2004-08-22 16:26 -------- d-----w c:\program files\Common Files\AOL
2009-05-14 14:33 . 2007-01-17 06:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-13 01:23 . 2008-03-23 16:53 -------- d-----w c:\program files\FrostWire
2009-05-09 23:15 . 2007-01-28 22:22 -------- d-----w c:\documents and settings\Jim\Application Data\BitTorrent
2009-05-09 23:14 . 2007-11-24 21:38 -------- d-----w c:\program files\GameHouse
2009-05-09 23:14 . 2008-04-28 00:41 -------- d-----w c:\program files\Ares
2009-05-09 10:34 . 2004-03-20 17:57 89691 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-09 04:39 . 2004-08-22 16:37 62968 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 04:35 . 2004-08-22 16:24 -------- d-----w c:\program files\Creative
2009-05-09 03:52 . 2004-03-20 17:55 23444 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-07 08:37 . 2007-05-27 04:14 -------- d-----w c:\program files\Lavasoft
2009-05-06 22:32 . 2004-08-27 05:37 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-06 22:32 . 2004-08-27 05:37 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 21:16 . 2006-05-19 05:41 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-01 21:16 . 2006-05-19 05:41 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-01 21:16 . 2006-05-19 05:41 12067 ----atw c:\windows\system32\SIntf16.dll
2009-04-30 18:40 . 2004-08-22 16:31 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-30 17:14 . 2004-08-30 14:40 -------- d-----w c:\program files\Symantec
2009-04-29 22:44 . 2008-03-07 03:13 -------- d-----w c:\program files\7-Zip
2009-04-29 19:20 . 2008-11-04 20:01 -------- d-----w c:\documents and settings\Jim\Application Data\DNA
2009-04-25 11:25 . 2007-02-11 02:22 -------- d-----w c:\documents and settings\Jim\Application Data\Skype
2009-04-25 11:24 . 2008-03-28 01:05 -------- d-----w c:\documents and settings\Jim\Application Data\skypePM
2009-04-20 17:18 . 2009-04-20 17:18 0 ----a-w c:\documents and settings\Jim\ntuser.tmp
2009-04-04 08:21 . 2009-04-04 08:21 327680 ----a-w C:\zf5oeg.exe
2009-04-02 03:39 . 2009-04-02 03:26 1878984 ----a-w c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2003-12-18 15:33 . 2006-05-21 04:21 20102 ----a-w c:\program files\Readme.txt
2003-09-03 11:46 . 2006-05-21 04:21 10960 ----a-w c:\program files\EULA.txt
2004-08-04 12:00 . 2009-05-19 19:54 23040 --sh--r c:\windows\SYSTEM32\accwizi.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-22 23:08 29184 ----a-w c:\windows\SYSTEM32\lklf32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-29 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-02 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-29 28739]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2005-05-03 64512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

S3 bDMusicb;bDMusicb;\??\c:\docume~1\Jim\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Jim\LOCALS~1\Temp\bDMusicb.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AOL ACS
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - avast!Antivirus
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fax
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - wanatw
*Deregistered* - WANMiniportService
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577716201-3331332355-4213860654-1006.job
- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:56]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Doctor - c:\documents and settings\LocalService\Application Data\916653139.exe
HKLM-Run-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
HKLM-Run-Malware Doctor - c:\documents and settings\LocalService\Application Data\916653139.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.geneseo.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\39r7dodh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - webmail.geneseo.edu
FF - plugin: c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 19:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b6,91,dc,1f,39,f8,f5,e7,3d,5c,cc,8c,b3,3d,ee,27,f8,94,c9,81,7f,b6,aa,
28,2a,0d,63,28,bd,0c,4a,86,49,f7,36,68,fd,8f,a4,65,5f,e9,2f,65,71,1a,20,56,\
"??"=hex:3d,62,55,8c,27,44,10,72,6c,c7,ca,b8,7f,28,1c,a3

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\License information*]
"datasecu"=hex:5f,54,b0,85,75,36,8a,ce,4b,b5,95,4c,df,ab,7a,a5,5d,5b,80,bb,b4,
2e,be,04,57,80,b2,69,76,a9,ae,bd,ae,03,d9,ad,f4,aa,62,69,e9,67,02,06,a1,d8,\
"rkeysecu"=hex:b0,25,6c,11,65,91,c2,83,f4,72,b5,25,d8,a5,c1,58
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\browselc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\lklf32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\avast!Antivirus.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\916653139.exe.vir84f1ff9
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
.
**************************************************************************
.
Completion time: 2009-05-22 19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 23:46

Pre-Run: 16,501,428,224 bytes free
Post-Run: 16,379,023,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=3 Default=3 Failed=0 LastKnownGood=2 Sets=1,2,3,4,5
369 --- E O F --- 2009-05-08 07:01

#9 Buckeye_Sam

Posted 23 May 2009 - 01:45 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Driver::
bDMusicb

File::
c:\windows\SYSTEM32\avast!Antivirus.exe
c:\windows\system32\lklf32.dll
c:\docume~1\Jim\LOCALS~1\Temp\bDMusicb.sys
c:\windows\SYSTEM32\accwizi.exe
C:\zf5oeg.exe
c:\windows\system32\dllcache\setup.exe
c:\windows\system32\setup.exe
C:\43214354.bat
c:\documents and settings\LocalService\Application Data\1055860099.exe
c:\windows\system32\jhxm32.dll
c:\windows\system32\vp_setup.exe.bat
c:\windows\system32\vp_setup.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=-
"NoSetActiveDesktop"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Jdel

Posted 23 May 2009 - 04:03 PM

Ok did that. A few things came up while it was running, I'm not sure if either is important, but I figured I'd share. First, when I booted up combofix it prompted me to download an update, which I did. Secondly, while combofix was running a prompt came up twice which read something along the lines of "Files needed to run Windows have been replaced by unrecognized versions, please insert your Windows XP disc." However, I don't have my windows disc with me currently, so I couldn't do anything, but combofix continued to run anyway. Here's the log:

ComboFix 09-05-23.01 - Jim 05/23/2009 16:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2351 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt

FILE ::
C:\43214354.bat
c:\docume~1\Jim\LOCALS~1\Temp\bDMusicb.sys
c:\documents and settings\LocalService\Application Data\1055860099.exe
c:\windows\SYSTEM32\accwizi.exe
c:\windows\SYSTEM32\avast!Antivirus.exe
c:\windows\system32\dllcache\setup.exe
c:\windows\system32\jhxm32.dll
c:\windows\system32\lklf32.dll
c:\windows\system32\setup.exe
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat
C:\zf5oeg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\43214354.bat
c:\documents and settings\LocalService\Application Data\1055860099.exe
c:\windows\SYSTEM32\accwizi.exe
c:\windows\SYSTEM32\avast!Antivirus.exe
c:\windows\system32\dllcache\setup.exe
c:\windows\system32\jhxm32.dll
c:\windows\system32\lklf32.dll
c:\windows\system32\setup.exe
c:\windows\system32\vp_setup.exe.bat
C:\zf5oeg.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDMUSICB
-------\Service_bDMusicb


((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-21 18:42 . 2009-05-21 18:42 -------- d-----w C:\_OTListIt
2009-05-20 00:52 . 2009-05-20 00:52 -------- d-----w c:\windows\system32\NtmsData
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-09 23:17 . 2009-05-09 23:19 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-09 04:33 . 2009-05-09 04:33 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-09 04:33 . 2009-05-09 04:33 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-09 03:57 . 2004-08-04 12:00 111104 -c--a-w c:\windows\system32\dllcache\mtstocom.exe
2009-05-09 03:56 . 2004-08-04 12:00 9728 -c--a-w c:\windows\system32\dllcache\change.exe
2009-05-09 03:46 . 2009-05-09 03:46 -------- d-----w c:\program files\CONEXANT
2009-05-09 03:37 . 2004-08-04 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-09 03:36 . 2009-05-09 03:36 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\java
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\dell
2009-05-07 09:29 . 2009-05-07 09:29 -------- d-----w C:\rsit
2009-05-07 08:37 . 2009-05-07 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 08:36 . 2009-05-07 08:36 -------- d-----w c:\program files\Trend Micro
2009-05-07 07:19 . 2009-05-07 07:19 -------- d-----w c:\program files\MSXML 6.0
2009-05-07 01:59 . 2009-05-07 02:12 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-06 22:53 . 2009-05-17 17:01 -------- d-----w C:\Ave
2009-05-01 20:39 . 2009-05-01 21:17 35468 ----a-w c:\windows\DIIUnin.dat
2009-05-01 20:39 . 2009-05-01 20:39 94208 ----a-w c:\windows\DIIUnin.exe
2009-05-01 20:39 . 2009-05-01 20:39 2829 ----a-w c:\windows\DIIUnin.pif
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\Jim\Local Settings\Application Data\Downloaded Installations
2009-04-30 02:40 . 2009-04-30 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\Jim\Application Data\Malwarebytes
2009-04-29 22:59 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 22:59 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 22:58 . 2009-04-30 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-29 22:44 . 2009-04-29 22:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 20:04 . 2009-04-29 20:04 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-27 21:13 . 2009-04-27 21:13 -------- d-----w c:\documents and settings\Jim\Application Data\vlc
2009-04-25 11:26 . 2004-08-04 07:56 30749 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll
2009-04-25 11:26 . 2004-08-04 07:56 614429 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll
2009-04-25 11:26 . 2004-08-04 07:56 53279 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll
2009-04-25 11:26 . 2004-08-04 07:56 241693 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll
2009-04-25 11:26 . 2004-08-04 07:56 151583 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll
2009-04-25 11:26 . 2004-08-04 07:56 1507356 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll
2009-04-25 11:26 . 2004-08-04 07:56 102400 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll
2009-04-25 11:26 . 2004-08-04 07:56 57344 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll
2009-04-25 11:26 . 2004-08-04 07:56 536576 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll
2009-04-25 11:26 . 2004-08-04 07:56 380957 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll
2009-04-25 11:26 . 2004-08-04 07:56 200704 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
2009-04-25 11:26 . 2004-03-01 18:52 358976 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 20:04 . 2008-03-23 16:54 -------- d-----w c:\documents and settings\Jim\Application Data\FrostWire
2009-05-16 20:53 . 2007-06-08 21:30 -------- d-----w c:\program files\Diablo II
2009-05-16 13:30 . 2004-08-22 16:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-16 01:29 . 2004-08-22 16:27 -------- d-----w c:\program files\Common Files\Real
2009-05-16 01:27 . 2004-08-22 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-16 01:27 . 2004-08-22 16:26 -------- d-----w c:\program files\Common Files\AOL
2009-05-14 14:33 . 2007-01-17 06:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-13 01:23 . 2008-03-23 16:53 -------- d-----w c:\program files\FrostWire
2009-05-09 23:15 . 2007-01-28 22:22 -------- d-----w c:\documents and settings\Jim\Application Data\BitTorrent
2009-05-09 23:14 . 2007-11-24 21:38 -------- d-----w c:\program files\GameHouse
2009-05-09 23:14 . 2008-04-28 00:41 -------- d-----w c:\program files\Ares
2009-05-09 10:34 . 2004-03-20 17:57 89691 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-09 04:39 . 2004-08-22 16:37 62968 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 04:35 . 2004-08-22 16:24 -------- d-----w c:\program files\Creative
2009-05-09 03:52 . 2004-03-20 17:55 23444 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-07 08:37 . 2007-05-27 04:14 -------- d-----w c:\program files\Lavasoft
2009-05-06 22:32 . 2004-08-27 05:37 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-06 22:32 . 2004-08-27 05:37 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 21:16 . 2006-05-19 05:41 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-01 21:16 . 2006-05-19 05:41 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-01 21:16 . 2006-05-19 05:41 12067 ----atw c:\windows\system32\SIntf16.dll
2009-04-30 18:40 . 2004-08-22 16:31 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-30 17:14 . 2004-08-30 14:40 -------- d-----w c:\program files\Symantec
2009-04-29 22:44 . 2008-03-07 03:13 -------- d-----w c:\program files\7-Zip
2009-04-29 19:20 . 2008-11-04 20:01 -------- d-----w c:\documents and settings\Jim\Application Data\DNA
2009-04-25 11:25 . 2007-02-11 02:22 -------- d-----w c:\documents and settings\Jim\Application Data\Skype
2009-04-25 11:24 . 2008-03-28 01:05 -------- d-----w c:\documents and settings\Jim\Application Data\skypePM
2009-04-20 17:18 . 2009-04-20 17:18 0 ----a-w c:\documents and settings\Jim\ntuser.tmp
2009-04-02 03:39 . 2009-04-02 03:26 1878984 ----a-w c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2003-12-18 15:33 . 2006-05-21 04:21 20102 ----a-w c:\program files\Readme.txt
2003-09-03 11:46 . 2006-05-21 04:21 10960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-29 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-02 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-29 28739]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2005-05-03 64512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 3:59 AM 24652]
S2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577716201-3331332355-4213860654-1006.job
- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.geneseo.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\39r7dodh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - webmail.geneseo.edu
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b6,91,dc,1f,39,f8,f5,e7,3d,5c,cc,8c,b3,3d,ee,27,f8,94,c9,81,7f,b6,aa,
28,2a,0d,63,28,bd,0c,4a,86,49,f7,36,68,fd,8f,a4,65,5f,e9,2f,65,71,1a,20,56,\
"??"=hex:3d,62,55,8c,27,44,10,72,6c,c7,ca,b8,7f,28,1c,a3

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\License information*]
"datasecu"=hex:5f,54,b0,85,75,36,8a,ce,4b,b5,95,4c,df,ab,7a,a5,5d,5b,80,bb,b4,
2e,be,04,57,80,b2,69,76,a9,ae,bd,ae,03,d9,ad,f4,aa,62,69,e9,67,02,06,a1,d8,\
"rkeysecu"=hex:b0,25,6c,11,65,91,c2,83,f4,72,b5,25,d8,a5,c1,58
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Digital Line Detect\DLG.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-05-23 16:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-23 20:30
ComboFix2.txt 2009-05-22 23:47

Pre-Run: 17,402,880,000 bytes free
Post-Run: 17,377,140,736 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=2 Sets=1,2,3,4,5
248 --- E O F --- 2009-05-08 07:01




MWB log came up free. Woooo! But it also scanned ~30,000 fewer objects than it usually does. Again, I'm not sure if that's important or not. Here's the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 2

5/23/2009 4:58:53 PM
mbam-log-2009-05-23 (16-58-53).txt

Scan type: Quick Scan
Objects scanned: 59741
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Buckeye_Sam


Posted 24 May 2009 - 10:09 AM

Once more.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Driver::
avast!Antivirus

NetSvc::
avast!Antivirus

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



How is your computer behaving now?


========================================================

#12 Jdel


Posted 24 May 2009 - 11:58 AM

Here's that combofix log:

ComboFix 09-05-23.01 - Jim 05/24/2009 12:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2459 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-21 18:42 . 2009-05-21 18:42 -------- d-----w C:\_OTListIt
2009-05-20 00:52 . 2009-05-20 00:52 -------- d-----w c:\windows\system32\NtmsData
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-05-13 20:54 . 2009-05-13 20:54 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-09 23:17 . 2009-05-09 23:19 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-09 04:33 . 2009-05-09 04:33 409600 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-09 04:33 . 2009-05-09 04:33 114688 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-09 03:57 . 2004-08-04 12:00 111104 -c--a-w c:\windows\system32\dllcache\mtstocom.exe
2009-05-09 03:56 . 2004-08-04 12:00 9728 -c--a-w c:\windows\system32\dllcache\change.exe
2009-05-09 03:46 . 2009-05-09 03:46 -------- d-----w c:\program files\CONEXANT
2009-05-09 03:37 . 2004-08-04 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-09 03:37 . 2004-08-04 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-09 03:36 . 2009-05-09 03:36 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\java
2009-05-08 23:25 . 2009-05-08 23:25 -------- d-----w c:\windows\dell
2009-05-07 09:29 . 2009-05-07 09:29 -------- d-----w C:\rsit
2009-05-07 08:37 . 2009-05-07 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 08:36 . 2009-05-07 08:36 -------- d-----w c:\program files\Trend Micro
2009-05-07 07:19 . 2009-05-07 07:19 -------- d-----w c:\program files\MSXML 6.0
2009-05-07 01:59 . 2009-05-07 02:12 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-06 22:53 . 2009-05-17 17:01 -------- d-----w C:\Ave
2009-05-01 20:39 . 2009-05-01 21:17 35468 ----a-w c:\windows\DIIUnin.dat
2009-05-01 20:39 . 2009-05-01 20:39 94208 ----a-w c:\windows\DIIUnin.exe
2009-05-01 20:39 . 2009-05-01 20:39 2829 ----a-w c:\windows\DIIUnin.pif
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-30 02:41 . 2009-04-30 02:41 -------- d-----w c:\documents and settings\Jim\Local Settings\Application Data\Downloaded Installations
2009-04-30 02:40 . 2009-04-30 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\Jim\Application Data\Malwarebytes
2009-04-29 22:59 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 22:59 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 22:59 . 2009-04-29 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 22:58 . 2009-04-30 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-29 22:44 . 2009-04-29 22:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 20:04 . 2009-04-29 20:04 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-27 21:13 . 2009-04-27 21:13 -------- d-----w c:\documents and settings\Jim\Application Data\vlc
2009-04-25 11:26 . 2004-08-04 07:56 30749 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll
2009-04-25 11:26 . 2004-08-04 07:56 614429 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll
2009-04-25 11:26 . 2004-08-04 07:56 53279 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll
2009-04-25 11:26 . 2004-08-04 07:56 241693 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll
2009-04-25 11:26 . 2004-08-04 07:56 151583 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll
2009-04-25 11:26 . 2004-08-04 07:56 1507356 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll
2009-04-25 11:26 . 2004-08-04 07:56 102400 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll
2009-04-25 11:26 . 2004-08-04 07:56 57344 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll
2009-04-25 11:26 . 2004-08-04 07:56 536576 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll
2009-04-25 11:26 . 2004-08-04 07:56 380957 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll
2009-04-25 11:26 . 2004-08-04 07:56 200704 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
2009-04-25 11:26 . 2004-03-01 18:52 358976 ----a-w c:\documents and settings\Jim\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 16:37 . 2004-08-27 05:37 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-24 16:37 . 2004-08-22 16:26 -------- d-----w c:\program files\Common Files\AOL
2009-05-24 06:14 . 2007-02-11 02:22 -------- d-----w c:\documents and settings\Jim\Application Data\Skype
2009-05-24 04:02 . 2008-03-28 01:05 -------- d-----w c:\documents and settings\Jim\Application Data\skypePM
2009-05-23 21:05 . 2004-08-27 05:37 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 20:04 . 2008-03-23 16:54 -------- d-----w c:\documents and settings\Jim\Application Data\FrostWire
2009-05-16 20:53 . 2007-06-08 21:30 -------- d-----w c:\program files\Diablo II
2009-05-16 13:30 . 2004-08-22 16:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-16 01:29 . 2004-08-22 16:27 -------- d-----w c:\program files\Common Files\Real
2009-05-16 01:27 . 2004-08-22 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-14 14:33 . 2007-01-17 06:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-13 01:23 . 2008-03-23 16:53 -------- d-----w c:\program files\FrostWire
2009-05-09 23:15 . 2007-01-28 22:22 -------- d-----w c:\documents and settings\Jim\Application Data\BitTorrent
2009-05-09 23:14 . 2007-11-24 21:38 -------- d-----w c:\program files\GameHouse
2009-05-09 23:14 . 2008-04-28 00:41 -------- d-----w c:\program files\Ares
2009-05-09 10:34 . 2004-03-20 17:57 89691 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-09 04:39 . 2004-08-22 16:37 62968 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 04:35 . 2004-08-22 16:24 -------- d-----w c:\program files\Creative
2009-05-09 03:52 . 2004-03-20 17:55 23444 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-07 08:37 . 2007-05-27 04:14 -------- d-----w c:\program files\Lavasoft
2009-05-01 21:16 . 2006-05-19 05:41 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-05-01 21:16 . 2006-05-19 05:41 17212 ----atw c:\windows\system32\SIntf32.dll
2009-05-01 21:16 . 2006-05-19 05:41 12067 ----atw c:\windows\system32\SIntf16.dll
2009-04-30 18:40 . 2004-08-22 16:31 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-30 17:14 . 2004-08-30 14:40 -------- d-----w c:\program files\Symantec
2009-04-29 22:44 . 2008-03-07 03:13 -------- d-----w c:\program files\7-Zip
2009-04-29 19:20 . 2008-11-04 20:01 -------- d-----w c:\documents and settings\Jim\Application Data\DNA
2009-04-20 17:18 . 2009-04-20 17:18 0 ----a-w c:\documents and settings\Jim\ntuser.tmp
2009-04-02 03:39 . 2009-04-02 03:26 1878984 ----a-w c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2003-12-18 15:33 . 2006-05-21 04:21 20102 ----a-w c:\program files\Readme.txt
2003-09-03 11:46 . 2006-05-21 04:21 10960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-29 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-02 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-29 28739]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2005-05-03 64512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\darknetii@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 3:59 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2577716201-3331332355-4213860654-1006.job
- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.geneseo.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 12:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b6,91,dc,1f,39,f8,f5,e7,3d,5c,cc,8c,b3,3d,ee,27,f8,94,c9,81,7f,b6,aa,
28,2a,0d,63,28,bd,0c,4a,86,49,f7,36,68,fd,8f,a4,65,5f,e9,2f,65,71,1a,20,56,\
"??"=hex:3d,62,55,8c,27,44,10,72,6c,c7,ca,b8,7f,28,1c,a3

[HKEY_USERS\S-1-5-21-2577716201-3331332355-4213860654-1006\Software\SecuROM\License information*]
"datasecu"=hex:5f,54,b0,85,75,36,8a,ce,4b,b5,95,4c,df,ab,7a,a5,5d,5b,80,bb,b4,
2e,be,04,57,80,b2,69,76,a9,ae,bd,ae,03,d9,ad,f4,aa,62,69,e9,67,02,06,a1,d8,\
"rkeysecu"=hex:b0,25,6c,11,65,91,c2,83,f4,72,b5,25,d8,a5,c1,58
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-05-24 12:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 16:48
ComboFix2.txt 2009-05-23 20:31
ComboFix3.txt 2009-05-22 23:47

Pre-Run: 11,950,026,752 bytes free
Post-Run: 11,924,725,760 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=2 Sets=1,2,3,4,5
220 --- E O F --- 2009-05-08 07:01



Computer seems to be running fine now, no random programs popping up taking up system resources, no malware doctor the last few reboots. My only concern is before the most recent running of combofix, I ran MWB and this came back in the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2173
Windows 5.1.2600 Service Pack 2

5/24/2009 12:31:11 PM
mbam-log-2009-05-24 (12-31-11).txt

Scan type: Quick Scan
Objects scanned: 87415
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


which is something I haven't seen before. Also, there's a good number of files in the quarantine section of MWB, should I remove them?

After running combofix I ran MWB again and the log came up clean. I just don't know where that backdoor.bot could've come from. Other than that though, the machine is running much smoother.

#13 Buckeye_Sam


Posted 24 May 2009 - 01:00 PM

You had a pretty good dose of malware and the longer you have it the more of it sneaks onto your computer. As long as Malwarebytes took care of the issue, which was only a registry key left over from one of the infections that was removed previously, then I wouldn't be overly concerned about one particular item. That being said, you did have a serious infection and you need to take precautions and change passwords to any financial websites that you may have visited. Here are some other recommendations for you.



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


========================================================
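The ComboFix log in post #12 records `"EnableFirewall"= 0` under the standard firewall profile, which bears on the firewall recommendation in post #13. The following is an added example, not part of the thread and not ComboFix's own code: it parses that section of a ComboFix log and reports a disabled Windows Firewall and any exception that points into a per-user path. The function names and the `USER_WRITABLE` prefixes are assumptions of this example.

```python
import re

# Lines copied from the ComboFix log in post #12, trimmed to four exceptions.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/15/2007 3:59 AM 24652]
'''

# Matches the firewall policy key of one profile, with or without the
# AuthorizedApplications\List suffix.
SECTION = re.compile(
    r'^\[.*\\firewallpolicy\\(?P<profile>[^\\\]]+)'
    r'(?P<apps>\\authorizedapplications\\list)?\]$',
    re.IGNORECASE)
VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Assumption of this example: an exception for a binary in a per-user or temp
# location deserves a manual look, because that user's processes can replace it.
USER_WRITABLE = ("c:\\documents and settings\\", "%temp%",
                 "%userprofile%", "%appdata%")


def parse_firewall_policy(log_text):
    """Return {profile: {"values": {name: int}, "apps": [path, ...]}}."""
    policy = {}
    current = None  # (profile, in_apps_list) while inside a firewall section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # ComboFix separates sections with blank lines
            continue
        header = SECTION.match(line)
        if header:
            profile = header.group("profile").lower()
            policy.setdefault(profile, {"values": {}, "apps": []})
            current = (profile, header.group("apps") is not None)
            continue
        if line.startswith("["):
            current = None  # some other registry key
            continue
        if current is None:
            continue
        value = VALUE.match(line)
        if not value:
            continue
        profile, in_apps = current
        if in_apps:
            # The log doubles backslashes inside quoted value names.
            path = value.group("name").replace("\\\\", "\\")
            policy[profile]["apps"].append(path)
        else:
            number = re.match(r"\d+", value.group("data"))
            if number:
                policy[profile]["values"][value.group("name")] = int(number.group())
    return policy


def audit(log_text):
    """Return human-readable findings for the firewall sections of a log."""
    findings = []
    for profile, data in sorted(parse_firewall_policy(log_text).items()):
        if data["values"].get("EnableFirewall") == 0:
            findings.append(
                f"{profile}: Windows Firewall is disabled (EnableFirewall=0)")
        for path in data["apps"]:
            if path.lower().startswith(USER_WRITABLE):
                findings.append(
                    f"{profile}: exception for user-writable path {path}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
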

#14 Jdel


Posted 24 May 2009 - 02:31 PM

Ok changed my passwords, followed all those instructions below. Thank you so much for your help! I was at a loss for a while there. One final question. I have about 70 files in my MWB quarantine, I assume I should delete them? Or should I keep them quarantined? MWB keeps coming up clean so hopefully it's all gone. Again, thank you so much for everything!

#15 Buckeye_Sam


Posted 25 May 2009 - 09:05 AM

They're in quarantine so they won't cause any problems. I wouldn't clean it out for a week or so just to be absolutely certain that nothing was removed that shouldn't have been. Then if everything continues to run as it should you can go in and remove all those quarantined items.


========================================================



